295 matches found
JSON-RPC API allows anonymous content rendering
The renderContent method can be used by anonymous users, leaking information, and allowing macro execution. Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?...
Bitcoin Client Detection (JSON/RPC)
Binary data 8066.prm...
JSON-RPC API functions available anonymously even though anonymous API access is disabled.
The summary says it all really. The functions listed below can be used on our confluence service even though we have Anonymous API Access disabled check box not checked in admin control panel. This is an issue when it comes to confluence sites that have sensitive user or group information...
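Bugzilla jsonrpc.cgi Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, including submission, fixing and closing. Bugzilla's implementation of jsonrpc.cgi contains a CSRF vulnerability; successful exploitation could allow an attacker to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. 0 Mozilla Bugzilla 4.x Vendor patch: Mozilla ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/security/...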
FreeBSD Ports: bugzilla
The remote host is missing an update to the system as announced in the referenced advisory. VID 309542b5-50b9-11e1-b0d8-00151735203a OpenVAS Vulnerability Test $ Description: Auto generated from VID 309542b5-50b9-11e1-b0d8-00151735203a Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD : bugzilla -- multiple vulnerabilities (309542b5-50b9-11e1-b0d8-00151735203a)
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: - Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user...
CVE-2012-0440
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API...
CVE-2012-0440
CVE-2012-0440 is a CSRF vulnerability in Bugzilla’s JSON-RPC API (jsonrpc.cgi) that could allow an attacker to hijack the authentication of arbitrary users for JSON-RPC requests. Affected Bugzilla versions include 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x bef...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...
bitcoinrpc-info NSE Script
Obtains information from a Bitcoin server by calling getinfo on its JSON-RPC interface. Script Arguments creds.global http credentials used for the query user:pass slaxml.debug See the documentation for the slaxml library. creds.service See the documentation for the creds library. http.host,...