185 matches found
DRUPAL-CONTRIB-2018-081
This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. This mea...
PatrOwl - Open Source, Free And Scalable Security Operations Orchestration Platform
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations scans, searches, API calls, ..., aggregating the results, relaying alerts on...
Claymore Dual Miner Remote Code Execution(CVE-2018-1000049)
Hello everybody, today I will show you how I found a Remote Code Execution vulnerability on popular Claymore Dual Miner developed by nanopool which you can download from GitHub here. Before continuing to read I want to clarify that I already emailed nanopool without receiving any kind or response...
DRUPAL-CONTRIB-2018-016
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability. This vulnerability is...
Claymore Dual GPU Miner 10.5 Format String Vulnerability
Exploit for multiple platform in category remote exploits Claymore Dual Gpu Miner = 10.5 Format Strings Vulnerability ======================================================================= product: Claymore's Dual Miner vulnerable version: = 10.5 fixed version: 10.6 CVE number: - CVE-2018a6317...
[SECURITY] Fedora 26 Update: couchdb-1.7.1-3.fc26
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
CVE-2016-7040
CVE-2016-7040 affects Red Hat CloudForms Management Engine (CFME) 4.1. A input-validation flaw in how CFME handles regular expressions passed to the expression engine via the JSON API and the web UI allows remote authenticated users to execute arbitrary shell commands by viewing/filtering collect...
CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...
Important: Red Hat Security Advisory: CFME 4.1 bug fixes and enhancement update
Updated cfme packages that fix bugs and add various enhancements are now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
Authentication flaw
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
CVE-2016-5668
CVE-2016-5668 affects Crestron DM-TXRX-100-STR devices running firmware before 1.3039.00040. The vulnerability is an authentication bypass in the device’s web management interface, where a JSON API call can modify device settings without authentication (Missing Authentication for Critical Functio...
Docebo LMS 6.9 - (Moxie) API Calls RST RCE Vulnerability
Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ============= 2016-08-01 Vulnerabilit...
SQLMap Web Front End
PHP Front end to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005 SQLMap Web GUI Requirements: Linux, Apache, PHP check your favorite distro’s wiki or forum pages, or use google PH...
[SECURITY] Fedora 20 Update: couchdb-1.6.1-4.fc20
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
[SECURITY] Fedora 20 Update: couchdb-1.6.0-9.fc20
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...
SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix
SEC Consult Vulnerability Lab Security Advisory 20131004-0 ======================================================================= title: SQL injection vulnerability product: Zabbix vulnerable version: =2.0.8 fixed version: 2.0.9rc1 CVE number: CVE-2013-5743 impact: critical homepage:...
Fedora Update for couchdb FEDORA-2013-1375
Check for the Version of couchdb OpenVAS Vulnerability Test Fedora Update for couchdb FEDORA-2013-1375 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Liferay JSON Server API Authentication
============================================= - Release date: August 3rd, 2012 - Discovered by: Danilo Massa & Enrico Cinquini - Severity: High ============================================= I. VULNERABILITY ------------------------- Liferay JSON service API authentication vulnerability II...