454 matches found

CVE
added 2018/07/09 9:00 p.m., 39 views

CVE-2018-13791

CVE-2018-13791 affects ABBYY FlexiCapture before 12 Release 1 Update 7. The HTTP API vulnerability enables access control bypass through the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter, exposing partial to high-impact consequences per the provided CVSS data (network...

CVSS 9.8, AI score 9.2, EPSS 0.00387
Exploits 0, References 1, Affected Software 1
Cvelist
added 2018/07/09 9:00 p.m., 10 views

CVE-2018-13791

The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...

AI score 9.4, EPSS 0.00387
Exploits 0, References 1
Cvelist
added 2018/07/09 9:00 p.m., 11 views

CVE-2018-13793

Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...

AI score 9.1, EPSS 0.00159
Exploits 0, References 1
ThreatPost
added 2018/06/22 3:35 p.m., 10 views

Roku TV, Sonos Speaker Devices Open to Takeover

The DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week is about to get a patch — but the same type of flaws have come to light for other top-name consumer Internet of Things devices, from Roku and Sonos. Fortunately, Roku has already started deploying its update,...

AI score 8.1, EPSS 0.00457
Exploits 0, References 4
FreeBSD
added 2018/06/05 12:00 a.m., 28 views

couchdb -- administrator privilege escalation

Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...

CVSS 9, AI score 1.9, EPSS 0.06103
Exploits 0, References 1
CNVD
added 2018/05/22 12:00 a.m., 1 view

Radio Thermostat CT50 and CT80 Local HTTP API Unauthorized Access Vulnerability

Radio Thermostat CT50 and CT80 are both touchscreen thermostat products from Radio Thermostat USA. This product manages the heating and cooling systems in a home. Local HTTP API is one of the local HTTP interfaces. A security vulnerability exists in the Local HTTP API in Radio Thermostat CT50 and...

CVSS 6.5, AI score 6.6, EPSS 0.00189
Exploits 1, References 1
Prion
added 2018/05/20 1:29 p.m., 12 views

Information disclosure

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat theat request that accesses a device purchased in the Spring of 2018, and sets a...

CVSS 3.3, AI score 6.3, EPSS 0.00401
Exploits 2, References 3, Affected Software 2
CVE
added 2018/05/20 1:00 p.m., 34 views

CVE-2018-11315

CVE-2018-11315 affects Radio Thermostat CT50/CT80 Local HTTP API (firmware 1.04.84 and earlier). The vulnerability arises from unauthorized access enabled by DNS rebinding, enabling a remote attacker to issue commands via the Local HTTP API and, as described, potentially control device temperatur...

CVSS 6.5, AI score 6.3, EPSS 0.00189
Exploits 1, References 3, Affected Software 1
Cvelist
added 2018/05/20 1:00 p.m., 9 views

CVE-2018-11315

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat theat request that accesses a device purchased in the Spring of 2018, and sets a...

AI score 6.4, EPSS 0.00189
Exploits 1, References 3
Hacker One
added 2018/05/04 12:33 a.m., 79 views

Semmle: Docker Registry HTTP API v2 exposed in HTTP without authentication leads to docker images dumping and poisoning

Summary: Docker Registry HTTP API v2 is exposed in HTTP without authentication. An attacker can use it to dump your docker images and poison them. Description: While digging into the environment that hosts the sandboxed build container, I came across the port 5000 open on another machine probably...

AI score 7.6
Exploits 0
seebug.org
added 2018/04/19 12:00 a.m., 951 views

Jolokia Vulnerabilities - RCE & XSS(CVE-2018-1000130,CVE-2018-1000129)

Recently, during a client engagement, Gotham Digital Science found a couple of zero-day vulnerabilities in the Jolokia service. Jolokia is an open source product that provides an HTTP API interface for JMX (Java Management Extensions) technology. It contains an API we can use for calling MBeans...

CVSS 6.8, AI score 1.2, EPSS 0.91099
Exploits 1
OpenVAS
added 2018/02/07 12:00 a.m., 29 views

Debian: Security Advisory (DLA-1046-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.11857
Exploits 0, References 3
FreeBSD
added 2017/11/14 12:00 a.m., 27 views

couchdb -- multiple vulnerabilities

Apache CouchDB PMC reports: Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases...

CVSS 10, AI score 1.7, EPSS 0.94098
Exploits 24, References 3
seebug.org
added 2017/11/09 12:00 a.m., 49 views

Circle with Disney Token Routing Vulnerability(CVE-2017-12085)

Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

AI score 8.9, EPSS 0.01455
Exploits 2
seebug.org
added 2017/10/24 12:00 a.m., 36 views

Unitrends UEB 9 HTTP API/Storage Remote Root(CVE-2017-12478)

No description provided by source. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB 9 http api/storage remote root', 'Description' = %q It was discovered that the api/storage web...

CVSS 10, AI score 9.2, EPSS 0.81581
Exploits 12
0day.today
added 2017/10/22 12:00 a.m., 44 views

Unitrends UEB 9 HTTP API/Storage Remote Root Exploit

It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. Th...

CVSS 10, AI score 1.2, EPSS 0.81581
Exploits 12
Packet Storm
added 2017/10/21 12:00 a.m., 65 views

Unitrends UEB 9 HTTP API/Storage Remote Root

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB 9 http api/storage remote root', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...

CVSS 10, AI score 9.2, EPSS 0.81581
Exploits 12
NVD
added 2017/10/15 8:29 a.m., 8 views

CVE-2017-15300

The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made such as "GET / HTTP/1.1", which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session...

CVSS 5.3, AI score 5.3, EPSS 0.00255
Exploits 0, References 2
Prion
added 2017/10/15 8:29 a.m., 7 views

Design/Logic Flaw

The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made such as "GET / HTTP/1.1", which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session...

CVSS 5, AI score 5.3, EPSS 0.00255
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/10/15 8:00 a.m., 7 views

CVE-2017-15300

The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made such as "GET / HTTP/1.1", which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session...

AI score 5.3, EPSS 0.00255
Exploits 0, References 2