454 matches found
Apache CouchDB 2.3.0 - Cross-Site Scripting
Apache CouchDB 2.3.0 - Cross-Site Scripting Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named...
Apache CouchDB 2.3.0 - Cross-Site Scripting
Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named databases, which store documents. Each...
Apache CouchDB 2.3.0 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named...
CVE-2018-13792
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter...
Sql injection
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter...
CVE-2018-13792
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter...
CVE-2018-13792
Technical details such as affected versions, root cause, and remediation are not publicly provided in the supplied documents. Monitor for updates.
Path traversal
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...
CVE-2019-1000009
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...
CVE-2019-1000009
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...
CVE-2019-1000009
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...
CVE-2019-1000009
Helm ChartMuseum versions >=0.1.0 and
FreeBSD : couchdb -- administrator privilege escalation (1999a215-fc6b-11e8-8a95-ac1f6b67e138)
Apache CouchDB PMC reports : Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases. C Tenable Network Security, Inc. The descriptive text and...
couchdb -- administrator privilege escalation
Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...
Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...
[SECURITY] Fedora 28 Update: python-marshmallow-2.11.1-8.fc28
Marshmallow is a framework-agnostic library for converting complex datatype s, such as objects, to and from primitive Python datatypes. Marshmallow schemas can be used to: Validate input data. Deserialize input data to app-level objects. Serialize app-level objects to primitive Python types. The...
[SECURITY] Fedora 27 Update: python-marshmallow-2.11.1-8.fc27
Marshmallow is a framework-agnostic library for converting complex datatype s, such as objects, to and from primitive Python datatypes. Marshmallow schemas can be used to: Validate input data. Deserialize input data to app-level objects. Serialize app-level objects to primitive Python types. The...
ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume
Internet Information Services IIS, an extensible web server originally created by Microsoft for use with the Windows NT family, saw a whopping 782x increase in cyberattacks during the second quarter, according to analysis. According to eSentire’s latest threat report based on data gathered from...
[SECURITY] Fedora 29 Update: python-marshmallow-2.11.1-8.fc29
Marshmallow is a framework-agnostic library for converting complex datatype s, such as objects, to and from primitive Python datatypes. Marshmallow schemas can be used to: Validate input data. Deserialize input data to app-level objects. Serialize app-level objects to primitive Python types. The...
Unitrends UEB HTTP API Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...