506 matches found
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
SonarSource SonarQube Information Disclosure Vulnerability
SonarSource SonarQube is an open source code quality management platform from SonarSource Switzerland. The platform can assess code quality across seven dimensions and, through plug-ins, supports a variety of programming languages, including Java, C, C/C++ and other code quali...
Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People AP...
The vulnerability of the API components of Sun ZFS Storage Appliance Kit allows a hacker to gain full control over the application.
The vulnerability in the API framework components of the Sun ZFS Storage Appliance Kit AK is due to a lack of access control mechanisms. Exploiting this vulnerability could allow a remote attacker to gain full control over the application by using network protocols...
Lenovo XClarity Administrator Parameter Injection Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A parameter injection vulnerability exists in the Web API in...
CVE-2018-11060
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2...
CVE-2018-0245
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...
Mail.ru: [3k.mail.ru] - Content spoofing
Text content spoofing protection bypass within the application interface in 3k.mail.ru. Text-only content spoofing reports are usually not accepted. This report was triaged because the application had protection that was bypassed by the researcher. 3k.mail.ru is not in bug bounty scope...
NetApp OnCommand API Services Information Disclosure Vulnerability
NetApp OnCommand API Services is a set of API management tools from NetApp (United States). An information disclosure vulnerability exists in versions of NetApp OnCommand API Services prior to 1.2P3. A remote attacker could exploit this vulnerability to obtain sensitive information...
Rancher Server Security Bypass Vulnerability
Rancher Server is an open source platform for Docker that integrates native Docker management features such as Docker Machine and Docker Swarm. A security vulnerability exists in Rancher Server version 1.2.0+. An attacker can exploit the vulnerability to disable access control with the help of AP...
CVE-2016-4594
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call...
A vulnerability in the Google Chrome browser allows a malicious actor to trigger a service failure.
An integer overflow in api.cc in Google V8, as used in Google Chrome, allows a remote malicious actor to cause a service failure or otherwise affect the system by supplying a large value for a variable...
A vulnerability in the application interface of IBM WebSphere Portal servers allows an attacker to read or modify data.
The vulnerability in the application interface of IBM WebSphere Portal servers exists because the LDAP implementation does not neutralize special elements in LDAP requests. Exploiting this vulnerability allows a remote malicious actor to read or modify data...
Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability
Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...
A vulnerability in the application interface of the IBM WebSphere Portal server allows an attacker to modify content elements.
The vulnerability in the application interface of the IBM WebSphere Portal server is due to deficiencies in access control. Exploiting this vulnerability allows a remote malicious actor to modify content elements through the application interface...
RabbitMQ: /api/... XSS vulnerability
A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...
Newphoria Photon Application Authentication Bypass Vulnerability
Newphoria Photon for Android is a suite of lighting applications based on the Android platform from the Japanese company Newphoria. A security restriction bypass vulnerability exists in the Newphoria Photon application. It allows attackers to bypass URL whitelisting protection mechanisms and gain...
A vulnerability in the Acrobat text viewing program allows an attacker to circumvent access restrictions.
The vulnerability in the Acrobat text viewing program arises in its JavaScript API and could allow a remote malicious actor to bypass the access restrictions in place...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...