455 matches found
Unitrends UEB HTTP API Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...
SUSE-SU-2018:2765-1 Security update for couchdb
This update for couchdb fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB...
SUSE-SU-2018:2578-1 Security update for couchdb
This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB...
Apache CouchDB < 2.2.0 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
Apache CouchDB 1.x < 1.7.2, 2.x < 2.1.2 Privilege Escalation Vulnerability - Linux
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
Input validation
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
CVE-2018-11769
CVE-2018-11769 affects CouchDB admin users prior to 2.2.0, allowing an administrator to bypass HTTP API configuration restrictions and escalate to the operating system user running CouchDB, effectively enabling arbitrary remote code execution. The issue arises from insufficient validation of admi...
CVE-2018-11769
CouchDB administrative users before 2.2.0 can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's...
Apache CouchDB 1.x < 1.7.2, 2.x < 2.1.2 Privilege Escalation Vulnerability - Windows
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2018-13791
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...
Design/Logic Flaw
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...
Cross site request forgery (csrf)
Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...
CVE-2018-13793
Multiple Cross Site Request Forgery CSRF vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login...