1388 matches found
foreman: API not scoping resources to taxonomies
A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...
Cisco Access Control Server Remote Denial of Service Vulnerability
The Cisco Secure Access Control System is the access policy control platform. A remote denial of service vulnerability exists in the REST API in Cisco Access Control Server ACS version 5.5 0.46.2, which can be exploited by a remote attacker to cause a denial of service by sending numerous request...
Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
Cisco WebEx Meetings are web conferencing solutions. An authentication bypass vulnerability in the play/modules component in Cisco WebEx Meetings Server allows remote attackers to gain administrator privileges via a crafted API request...
[SECURITY] Fedora 19 Update: python-2.7.5-15.fc19
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...
CVE-2014-1996
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call...
Cybozu Garoon 3 API access restriction bypass vulnerability
Overview: Cybozu Garoon, provided by Cybozu, Inc., is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs. Impact: A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code. Solution: Update the Software. Update to the latest...
UBUNTU-CVE-2014-1736
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value...
DEBIAN-CVE-2014-0167
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...
PT-2014-3512 · Openstack +1 · Openstack Compute +1
Name of the Vulnerable Software and Affected Versions: OpenStack Compute (Nova) versions 2013.1 through 2013.2.3; OpenStack Compute (Nova) icehouse before icehouse-rc2. Description: The issue concerns the Nova EC2 API security group implementation, which fails to enforce Role-Based Access Control (RBAC)...
foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...
Scientific Linux Security Update : perl-DBD-Pg on SL5.x, SL6.x i386/x86_64 (20120725)
Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause...
RedHat Update for perl-DBD-Pg RHSA-2012:1116-01
Check for the Version of perl-DBD-Pg. OpenVAS Vulnerability Test: RedHat Update for perl-DBD-Pg RHSA-2012:1116-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it und...
Sybase M-Business Anywhere (AvantGo) SOAP Server Detection
The remote service is a Sybase M-Business Anywhere (formerly AvantGo) SOAP Server, which provides a web-based programming interface to server administration tasks in M-Business, such as configuration, group, user, and web channel management. (C) Tenable Network Security, Inc. include("compat.inc"); if...
PT-2011-2779 · Cisco · Ciscoworks Common Services
Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Services versions 3.3 and earlier. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the device parameter in the cwhp/device.center.do API endpoint in t...
[SECURITY] Fedora 13 Update: perl-libwww-perl-5.837-2.fc13
The libwww-perl collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contains modules that are of...
CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64
Check for the Version of sblim-cmpi-base. OpenVAS Vulnerability Test: CentOS Update for sblim-cmpi-base CESA-2008:0497 centos4 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it...
VMware VIX API Multiple Buffer Overflow Vulnerabilities
VMware VIX, an application programming interface to manipulate virtual machines, is installed on the remote host. The installed version of VMware VIX API is affected by multiple buffer overflow vulnerabilities. Successful exploitation of these issues could allow arbitrary code execution on the hos...
Microsoft Windows Speech Components sapi.dll Code Execution (MS08-032; CVE-2007-0675)
The ActiveX Speech Components sapi.dll is part of the Microsoft Speech Application Programming Interface (SAPI) that allows the use of speech recognition and speech synthesis within Windows applications. A remote code execution vulnerability has been reported in the ActiveX Speech Components...