
1895 matches found

NVD
added 2019/03/28 7:29 p.m., 21 views

CVE-2019-9202

Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...

CVSS 8.8 | AI score 8.9 | EPSS 0.24176
Exploits 3 | References 2
OSV
added 2019/03/28 7:29 p.m., 4 views

CVE-2019-9202

Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...

CVSS 8.8 | AI score 7.6 | EPSS 0.24176
Exploits 3 | References 2
Prion
added 2019/03/28 7:29 p.m., 18 views

Input validation

Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...

CVSS 6.5 | AI score 8.8 | EPSS 0.24176
Exploits 3 | References 2 | Affected Software 1
CVE
added 2019/03/28 6:48 p.m., 57 views

CVE-2019-9202

Nagios IM (component of Nagios XI) prior to 2.2.7 is vulnerable to an authenticated arbitrary code execution via API key issues. This CVE (CVE-2019-9202) is confirmed in Red Hat and other advisories, affecting Nagios IM versions

CVSS 8.8 | AI score 8.8 | EPSS 0.24176
Exploits 3 | References 2 | Affected Software 1
Cvelist
added 2019/03/28 6:48 p.m., 29 views

CVE-2019-9202

Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...

AI score 8.9 | EPSS 0.24176
Exploits 3 | References 2
Kitploit
added 2019/03/15 11:38 a.m., 320 views

Arjun v1.3 - HTTP Parameter Discovery Suite

Features: Multi-threading; 4 modes of detection; A typical scan takes 30 seconds; Regex powered heuristic scanning; Huge list of 25,980 parameter names; Makes just 30-35 requests to the target. Usage. Note: Arjun doesn't work with python 3.4. Discover parameters: To find GET parameters, you can simply do:...

AI score 7.1
Exploits 0 | References 2
Veracode
added 2019/02/19 1:44 a.m., 12 views

Information Disclosure

pact-js is vulnerable to information disclosure. Logs containing confidential information such as an AWS API Key are written into the log file in plain text as warnings when customProviderHeaders is used. This could potentially allow a local attacker to retrieve the information and perform furthe...

AI score 5.9
Exploits 0
Check Point Advisories
added 2019/02/19 12:00 a.m., 4 views

Nagios XI API Key Regeneration Privilege Escalation (CVE-2018-15711)

A privilege escalation vulnerability exists in the API component of Nagios XI. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access...

CVSS 6.5 | AI score 4.7 | EPSS 0.36012
Exploits 1
Hacker One
added 2019/02/16 12:30 a.m., 13 views

Zendesk: Leaked artifactory_api_key via GitHub.

It was reported to Zendesk that a valid API key to an instance of Artifactory was unintentionally leaked via a public GitHub repository. We immediately rotated the key and investigated to ensure it was not utilized by any other party. We want to thank @rubyroobs for providing a detailed report...

AI score 1.1
Exploits 0
Prion
added 2019/02/08 3:29 a.m., 16 views

Design/Logic Flaw

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...

CVSS 4.3 | AI score 5.6 | EPSS 0.00901
Exploits 0 | References 5 | Affected Software 1
NVD
added 2019/02/08 3:29 a.m., 13 views

CVE-2019-7628

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...

CVSS 5.9 | AI score 5.5 | EPSS 0.00901
Exploits 0 | References 5
Cvelist
added 2019/02/08 3:00 a.m., 19 views

CVE-2019-7628

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...

AI score 5.5 | EPSS 0.00901
Exploits 0 | References 5
OSV
added 2019/02/05 3:29 a.m., 4 views

CVE-2018-15656

An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...

CVSS 7.5 | AI score 5.8 | EPSS 0.01553
Exploits 1 | References 1
Cvelist
added 2019/01/24 4:00 p.m., 16 views

CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...

CVSS 4.3 | AI score 4.7 | EPSS 0.0145
Exploits 0 | References 2
Vulnrichment
added 2019/01/24 4:00 p.m., 5 views

CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...

CVSS 4.3 | AI score 6.8 | EPSS 0.0145
Exploits 0 | References 2
Cisco
added 2019/01/23 4:00 p.m., 144 views

Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...

CVSS 4.3 | AI score 0.7 | EPSS 0.0145
Exploits 0 | References 1
Patchstack
added 2019/01/17 12:00 a.m., 20 views

WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability

Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin versions <=1.7.1. Solution: 26 January 2019 - we were unable to find any information about the patched version of this plugin. We recommend to deactivate and delete this plugin from your...

CVSS 9.8 | AI score 3.6 | EPSS 0.10401
Exploits 1 | References 1 | Affected Software 1
Prion
added 2019/01/15 9:29 p.m., 19 views

Design/Logic Flaw

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

CVSS 2.1 | AI score 5.3 | EPSS 0.0033
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2019/01/15 9:00 p.m., 19 views

CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...

CVSS 7.8 | AI score 5.4 | EPSS 0.0033
Exploits 0 | References 1
CVE
added 2019/01/15 9:00 p.m., 61 views

CVE-2019-0004

CVE-2019-0004 affects Juniper ATP 5.0 prior to 5.0.3. The issue is that API keys and device keys are logged to a file readable by local authenticated users, enabling potential abuse of WebUI operations. Affected component: Juniper ATP 5.0.x; root cause: keys logged to a world-readable/local file....

CVSS 7.8 | AI score 5.6 | EPSS 0.0033
Exploits 0 | References 1 | Affected Software 1