CVE-2020-3242
CVE-2020-3242 – Cisco UCS Director Information Disclosure : A vulnerability in the REST API could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The issue arises because confidential information is returned as par...
h1-ctf: [H1-2006 2020] Exploiting multiple vulnerabilities to get hacker's payment ensured
Last week, HackerOne's CEO Marten lost his credentials for BountyPay. A tweet from HackerOne's official Twitter account asked for help from ethical hackers and bounty hunters to help the CEO recover his credentials and ensure May's payments. As an active bug hunter on HackerOne, I decided to take...
REST API - Deactivate the REST API
Suggestion Description: Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is active by default and there is no way to deactivate it. It should have a similar option like the Enabling the Remote...
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
Cross site request forgery (csrf)
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
CVE-2020-9042
The provided sources describe a CSRF vulnerability in Couchbase Server 6.0 where credentials cached in a browser can be abused to perform a CSRF attack if an administrator has used the browser to view REST API results. Concrete exploit/impact details beyond this (specific vectors, affected versio...
Cisco UCS Director Cloupia Script Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to...
Cisco UCS Director Cloupia Script - Remote Code Execution
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Cisco UCS Director Cloupia Script RCE',...
Cisco UCS Director Cloupia Script Remote Code Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Cisco UCS Director Cloupia Script RCE', 'Description' => %q{ This module exploits an authentication bypass and directory traversals in Cisco UCS...
Cisco UCS Director Cloupia Script RCE
This module exploits an authentication bypass and directory traversals in Cisco UCS Director. 'Cisco UCS Director Cloupia Script RCE', 'Description' => %q{ This module exploits an authentication bypass and directory traversals in Cisco UCS Director 6.7.4.0 to leak the administrator's REST API key an...
The vulnerability of the REST API interface of the Cisco UCS Director management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the REST API interface of the Cisco UCS Director management tool for physical infrastructure and virtual environments is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows an attacker to execute arbitrary code.
The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments of Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute...
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...
TeamPass Authorization Control Vulnerability
TeamPass is an open source password manager. A security vulnerability exists in the REST API functionality in TeamPass 2.1.27.36 and earlier versions. An attacker can exploit this vulnerability to gain TeamPass administrator privileges and read or change all passwords...
Missing API Authorization Checks
TeamPass has missing API authorization checks. The application does not properly enforce authorization controls in REST API functions, allowing any user with a valid token to act as administrator and to modify another user's passwords using authenticated api/index.php REST API calls...
CVE-2020-5333
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...
Authorization
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...