175 matches found
Code injection
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)...
CVE-2016-10843
Summary: CVE-2016-10843 affects cPanel prior to 11.54.0.4 and allows code execution in the context of shared users via the JSON-API (SEC-76). Affected product/vector: cPanel software; vulnerability arises through the JSON-API, enabling code execution in shared-user context. Root cause / impact: N...
CVE-2016-10843
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
Remote code execution
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-3702
CVE-2019-3702 affects Lifesize Icon LS_RM3_3.7.0 (2421). The vulnerability is a Remote Code Execution in the DNS Query Web UI, exploitable by an authenticated attacker who crafts a DNS Query address field in a JSON API request. Connected sources reiterate the issue but do not provide exploitation...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-6340 Drupal core - Highly critical - Remote Code Execution
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
JSON:API - Highly critical - Remote code execution - SA-CONTRIB-2019-019
This resolves issues described in SA-CORE-2019-003 for this module...
Remote Code Execution (RCE)
cfme is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute...
DRUPAL-CONTRIB-2018-081
This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. This mea...
PatrOwl - Open Source, Free And Scalable Security Operations Orchestration Platform
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the front-end application for managing the assets, reviewing risks in real time, orchestrating the operations (scans, searches, API calls, ...), aggregating the results, relaying alerts on...
Claymore Dual Miner Remote Code Execution(CVE-2018-1000049)
Hello everybody, today I will show you how I found a Remote Code Execution vulnerability on popular Claymore Dual Miner developed by nanopool which you can download from GitHub here. Before continuing to read I want to clarify that I already emailed nanopool without receiving any kind of response...
DRUPAL-CONTRIB-2018-016
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability. This vulnerability is...
Claymore Dual GPU Miner 10.5 Format String Vulnerability
Exploit for multiple platform in category remote exploits. Claymore Dual Gpu Miner = 10.5 Format Strings Vulnerability. product: Claymore's Dual Miner; vulnerable version: = 10.5; fixed version: 10.6; CVE number: CVE-2018-6317...
[SECURITY] Fedora 26 Update: couchdb-1.7.1-3.fc26
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
CVE-2016-7040
CVE-2016-7040 affects Red Hat CloudForms Management Engine (CFME) 4.1. An input-validation flaw in how CFME handles regular expressions passed to the expression engine via the JSON API and the web UI allows remote authenticated users to execute arbitrary shell commands by viewing/filtering collect...
CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...
Important: Red Hat Security Advisory: CFME 4.1 bug fixes and enhancement update
Updated cfme packages that fix bugs and add various enhancements are now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...