
506 matches found

OSV
added 2018/12/07 9:29 p.m., 4 views

CVE-2018-7067

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...

CVSS 7.2, AI score 5.8, EPSS 0.01344
Exploits: 0, References: 1

CNVD
added 2018/11/29 12:0 a.m., 3 views

SonarSource SonarQube Information Disclosure Vulnerability

SonarSource SonarQube is an open source code quality management platform from SonarSource Switzerland. The platform can detect code quality from seven dimensions, as well as through the form of plug-ins to support a variety of programming languages, including Java, C, C/C++ and other code quali...

CVSS 4.3, AI score 4.5, EPSS 0.0115
Exploits: 1, References: 1

The Hacker News
added 2018/10/08 7:12 p.m., 2 views

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data

Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...

AI score 6.4
Exploits: 0

BDU FSTEC
added 2018/08/14 12:0 a.m., 7 views

The vulnerability of the API components of Sun ZFS Storage Appliance Kit allows a hacker to gain full control over the application.

The vulnerability of the API framework components of the Sun ZFS Storage Appliance Kit (AK) is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application by using network protocols...

CVSS 7.5, AI score 7.8, EPSS 0.0239
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2018/07/31 12:0 a.m., 2 views

Lenovo XClarity Administrator Parameter Injection Vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...

CVSS 9, AI score 8.9, EPSS 0.02244
Exploits: 0, References: 1

OSV
added 2018/07/24 7:29 p.m., 3 views

CVE-2018-11060

RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 3

exploitpack
added 2018/06/25 12:0 a.m., 23 views

Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser); Author: LiquidWorm; Date: 2018-05-21; Vendor: Ecessa Corporation; Product web page: https://www.ecessa.com; Affected version: 10.7.4, 10.6.9, 10.6.5.2...

Exploits: 0

OSV
added 2018/05/02 10:29 p.m., 4 views

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVSS 5.3, AI score 5.8, EPSS 0.02355
Exploits: 0, References: 3

Hacker One
added 2018/01/26 11:21 p.m., 35 views

Mail.ru: [3k.mail.ru] - Content spoofing

Text content spoofing protection bypass within application interface in 3k.mail.ru. Text-only content spoofing reports are usually not accepted. This report was triaged because the application had protection which was bypassed by the researcher. 3k.mail.ru is not in bug bounty scope...

AI score 2
Exploits: 0

CNVD
added 2017/07/26 12:0 a.m., 3 views

NetApp OnCommand API Services Information Disclosure Vulnerability

NetApp OnCommand API Services is a set of API management tools from NetApp, United States. An information disclosure vulnerability exists in versions of NetApp OnCommand API Services prior to 1.2P3. A remote attacker could exploit this vulnerability to obtain sensitive information...

CVSS 6.5, AI score 6.2, EPSS 0.01337
Exploits: 0, References: 1

CNVD
added 2017/03/30 12:0 a.m., 2 views

Rancher Server Security Bypass Vulnerability

Rancher Server is an open source platform for Docker that integrates native Docker management features such as Docker Machine and Docker Swarm. A security vulnerability exists in Rancher Server version 1.2.0+. An attacker can exploit the vulnerability to disable access control with the help of AP...

CVSS 8.8, AI score 6.8, EPSS 0.01489
Exploits: 0, References: 1

OSV
added 2016/07/22 2:59 a.m., 2 views

CVE-2016-4594

The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call...

CVSS 7.8, AI score 7.3, EPSS 0.01253
Exploits: 0, References: 10

BDU FSTEC
added 2016/07/05 12:0 a.m., 7 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

The integer overflow in api.cc in Google V8 for Google Chrome allows malicious actors operating remotely to cause service failures or otherwise affect the system, by exploiting the large value of a variable...

CVSS 7.5, AI score 5.5, EPSS 0.02072
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2016/03/31 12:0 a.m., 7 views

The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to gain access to read data or modify data.

The vulnerability of the application interface of IBM WebSphere Portal servers exists due to the lack of measures to eliminate special elements in LDAP requests implementation of LDAP. Exploiting this vulnerability allows a malicious actor to gain access to read data or modify data remotely...

CVSS 6.4, AI score 7.1, EPSS 0.01672
Exploits: 0, References: 3

CNVD
added 2016/03/31 12:0 a.m., 20 views

Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability

Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...

CVSS 9.8, AI score 7.6, EPSS 0.02338
Exploits: 0, References: 1

BDU FSTEC
added 2016/03/17 12:0 a.m., 4 views

The vulnerability of the application interface of the IBM WebSphere Portal server allows a hacker to modify elements of the content.

The vulnerability of the application interface of the IBM WebSphere Portal server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to remotely modify content elements using the application interface...

CVSS 4, AI score 5.8, EPSS 0.00681
Exploits: 0, References: 2

RedHat Linux
added 2016/03/08 10:53 p.m., 6 views

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

CVSS 4.3, AI score 5.7, EPSS 0.02313
Exploits: 0, References: 4

CNVD
added 2015/09/25 12:0 a.m., 3 views

Newphoria Photon Application Authentication Bypass Vulnerability

Newphoria Photon for Android is a suite of lighting applications based on the Android platform from the Japanese company Newphoria. A security restriction bypass vulnerability exists in the Newphoria Photon application. It allows attackers to bypass URL whitelisting protection mechanisms and gain...

CVSS 6.8, AI score 6.9, EPSS 0.01093
Exploits: 0, References: 1

BDU FSTEC
added 2015/06/05 12:0 a.m., 2 views

The vulnerability of the Acrobat text viewing program allows a violator to circumvent access restrictions.

The vulnerability of the Acrobat text viewing program arises when using the JavaScript API, and it could allow a malicious actor to circumvent current access control regulations remotely...

CVSS 10, AI score 5.4, EPSS 0.09917
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2015/01/16 9:4 p.m., 3 views

foreman-proxy: failure to verify SSL certificates

It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...

CVSS 7.5, AI score 5.8, EPSS 0.01706
Exploits: 0, References: 4