CVE-2019-15985
CVE-2019-15985 corresponds to multiple SQL injection vulnerabilities in Cisco Data Center Network Manager (DCNM) REST and SOAP APIs. Affected versions are DCNM prior to 11.3(1). An authenticated, remote attacker with administrative privileges can exploit insufficient input validation to execute a...
CVE-2019-15985 Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
Fedora 30 : wordpress (2019-da7b49a4b1)
WordPress 5.3.2 Maintenance Release. Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues. Main issues addressed in 5.3.2: - Date/Time: Ensure that get_feed_build_date correctly...
Fedora 31 : wordpress (2019-e16ba9e54e)
WordPress 5.3.2 Maintenance Release. Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues. Main issues addressed in 5.3.2: - Date/Time: Ensure that get_feed_build_date correctly...
U.S. Dept Of Defense: Bypassing CORS Misconfiguration Leads to Sensitive Exposure
Hi! Security Team @deptofdefense, It's possible to get information about the users registered such as: id, name, login name, etc. without authentication in WordPress via API on . ███████. Description: By default WordPress allows public access to REST API to get information about all users...
CVE-2019-20329
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000...
Code injection
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000...
BuddyPress 5.0.0 - 5.1.1 - Private Data Exposure via REST API
Certain REST API requests could result in the exposure of private data...
Cisco Data Center Network Manager getZoneListByZoneNameAndParentId SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2019-20329
OpenLambda (release 2019-09-10) contains a DNS rebinding vulnerability affecting the OL server hosting the REST API on TCP port 5000. The issue enables potential DNS rebinding attacks against the server as described in multiple sources linked to CVE-2019-20329. The concrete impact and available f...
CVE-2010-3782
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation...
Information disclosure
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation...
CVE-2010-3782
CVE-2010-3782 affects obs-server prior to 1.7.7, where a bug in the REST API implementation allows login by 'unconfirmed' accounts. This exposes unauthorized access through the authentication flow. The practical impact is limited to systems running affected obs-server versions and relying on unco...
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
Cisco Data Center Network Manager Command Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about...
Exploit for SQL Injection in Redmine
CVE-2019-18890 CVE-2019-18890 POC Proof of Concept REDMINE...