What is OpenAPI ❓ Concept, Examples and Advantages
What is OpenAPI? If there is anything that is growing by leaps and bounds, it is API development and awareness of API security. Whether it is a web API or a mobile API, growth is significant in each domain. While we discuss API development, OpenAPI deserves a mention. Thi...
CVE-2020-14273
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server...
CVE-2020-35175
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API...
Design/Logic Flaw
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API...
Security update for salt (critical)
openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2020:1868-1 Rating: critical References: 1159670 1175987 1176024 1176294 1176397 1177867 1178319 1178361 1178362 1178485 Cross-References: CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 Affected Products: openSUSE Leap...
CVE-2020-3521 Cisco Data Center Network Manager Read File Path Traversal Vulnerability
A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker...
openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
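The manila entry above describes the classic pattern where possession of a resource UUID is treated as authorisation. The following is an added example, not openstack-manila code: an in-memory store with the unscoped lookup the advisory describes beside a tenant-scoped version in which every show, delete and create operation is filtered by the caller's project. The project IDs, UUID and store layout are constructed for illustration.

```python
# Added example (not openstack-manila code): tenant-scoped versus unscoped
# access to a share network. Project IDs, UUIDs and the store are constructed.
from dataclasses import dataclass, field


@dataclass
class ShareNetwork:
    id: str
    project_id: str          # owning tenant
    name: str
    shares: list = field(default_factory=list)


class ShareNetworkStore:
    def __init__(self):
        self._networks = {}

    def add(self, net):
        self._networks[net.id] = net

    # --- vulnerable pattern: knowing the UUID is enough ---------------------
    def show_unscoped(self, share_network_id):
        """Returns the record to any caller that supplies the UUID."""
        return self._networks.get(share_network_id)

    def delete_unscoped(self, share_network_id):
        return self._networks.pop(share_network_id, None) is not None

    # --- hardened pattern: filter by the request context's project ----------
    def _owned(self, context_project_id, share_network_id):
        net = self._networks.get(share_network_id)
        if net is None or net.project_id != context_project_id:
            # Answer "not found" rather than "forbidden" so the caller learns
            # nothing about UUIDs that belong to other projects.
            return None
        return net

    def show(self, context_project_id, share_network_id):
        return self._owned(context_project_id, share_network_id)

    def delete(self, context_project_id, share_network_id):
        if self._owned(context_project_id, share_network_id) is None:
            return False
        del self._networks[share_network_id]
        return True

    def create_share(self, context_project_id, share_network_id, share_name):
        """Creating a share on a network is an operation on that network, so
        it gets the same ownership check as show/delete."""
        net = self._owned(context_project_id, share_network_id)
        if net is None:
            return None
        net.shares.append(share_name)
        return share_name


# Constructed sample data (hypothetical project IDs and UUID).
PROJECT_A = "project-a"
PROJECT_B = "project-b"
NET_A = "7a3c2c1e-0000-4000-8000-000000000001"


def make_sample_store():
    store = ShareNetworkStore()
    store.add(ShareNetwork(id=NET_A, project_id=PROJECT_A, name="a-net"))
    return store


if __name__ == "__main__":
    store = make_sample_store()
    # Project B has obtained Project A's share-network UUID.
    print("unscoped show :", store.show_unscoped(NET_A))              # record leaks
    print("scoped show   :", store.show(PROJECT_B, NET_A))            # None
    print("scoped create :", store.create_share(PROJECT_B, NET_A, "s1"))  # None
    print("owner create  :", store.create_share(PROJECT_A, NET_A, "s1"))  # s1
```

The fix is the `_owned` filter applied uniformly: the tenant check belongs in the data access path, not in individual handlers, so a newly added operation (such as create) cannot forget it.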
Security advisory YSA-2020-01 | Yubico
Yubico received a report from LinkedIn Information Security indicating there is insufficient data validation in the open-source project for YubiKey Validation Server git: yubikey-val. Yubico verified the issue and has made a security update available to mitigate this issue and enhance the...
vertx: API Validation XML Schemas do not forbid file system access
In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This mechanism is used only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
Cross site scripting
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
Option CloudGate Insecure Direct Object References And XSS Vulnerabilities
Option CloudGate is prone to cross site scripting and insecure direct object reference authorization bypass vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG...
Code injection
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application...
FreeBSD : drupal -- multiple vulnerabilities (d9649816-5e0d-11e3-8d23-3c970e169bc2)
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. - Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7) - Multiple vulnerabilities due to weakness in pseudorandom numb...
drupal -- multiple vulnerabilities
Drupal Security Team reports: Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7). Multiple vulnerabilities due to weakness in pseudorandom number...
CentOS Update for rubygems CESA-2013:1441 centos6
Check for the Version of rubygems. OpenVAS Vulnerability Test: CentOS Update for rubygems CESA-2013:1441 centos6. Authors: System Generated Check. Copyright 2013 Greenbone Networks GmbH, http://www.greenbone.net...
Moderate: Red Hat Security Advisory: ruby193-ruby security update
Updated ruby193-ruby packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
PT-2011-2541 · Microsoft · .Net Framework +1
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 SP1 through 4.0; Silverlight versions prior to 4.0.60531.0. Description: The issue allows remote attackers to execute arbitrary code via crafted applications, including XAML browser applications, ASP.NET...
Interspire Shopping Cart Full Path Disclosure
Exploit for unknown platform in category web applications. Exploit Title: Interspire Shopping Cart Full Path Disclosure. Date: 13-12-2009. Author: Mr.aFiR. Softwar...
Courier Authentication Library: SQL injection vulnerability
Background: The Courier Authentication Library is a generic authentication API that encapsulates the process of validating account passwords. Description: It has been discovered that some input (e.g. the username) passed to the library is not properly sanitised before being used in SQL queries. Impa...
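The Courier advisory describes a username being interpolated into a SQL query without sanitisation. The following is an added example, not Courier code: a password-check routine built by string concatenation beside the parameterised form, run against an in-memory SQLite table with constructed accounts, so the effect of a crafted username can be observed directly. Table layout, user names and the payload are constructed; real systems store password hashes, not plaintext, which this example omits to keep the injection visible.

```python
# Added example (not the Courier Authentication Library's code): string-built
# versus parameterised authentication query. Accounts and payload are constructed.
import sqlite3

# Constructed sample accounts (plaintext only to keep the example short).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def _open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def authenticate_vulnerable(username, password):
    """Builds the statement by interpolating caller-controlled text.
    A quote in the username ends the literal early and the rest of the
    value becomes SQL; '--' then comments out the password clause."""
    conn = _open_db()
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def authenticate_fixed(username, password):
    """Parameterised statement: the driver binds username/password as data,
    so quote characters never reach the SQL grammar."""
    conn = _open_db()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payload: closes the username literal and comments out the rest.
PAYLOAD_USERNAME = "alice' --"


if __name__ == "__main__":
    print("vulnerable, bad password :", authenticate_vulnerable(PAYLOAD_USERNAME, "wrong"))  # alice
    print("fixed, bad password      :", authenticate_fixed(PAYLOAD_USERNAME, "wrong"))       # None
    print("fixed, correct password  :", authenticate_fixed("alice", "s3cret"))              # alice
```

With the vulnerable routine, `alice' --` logs in as alice with any password; the parameterised routine treats the same string as a literal username that matches nothing. Escaping or "sanitising" the input is the fragile alternative the advisory's fix avoids; binding parameters removes the problem class.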