WordPress Multiple Vulnerabilities (Dec 2019) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
Description: An unprivileged user could make a post sticky via the REST API. Authenticated users who do not have the rights to publish a post were able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass...
wordpress -- multiple issues
WordPress developers report: Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you'll want to upgrade. If you haven't yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues. - Props to Daniel Bachhuber for findi...
CVE-2014-0026
katello-headpin is vulnerable to CSRF in REST API...
Cross site request forgery (csrf)
katello-headpin is vulnerable to CSRF in REST API...
CVE-2014-0026
CVE-2014-0026 applies to katello-headpin and is due to a CSRF vulnerability in the REST API. The issue is listed with CVSS vectors (2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N; 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) indicating network access, no confidentiality impact, partial integrity impact, a...
Cisco IOS XE Software REST API Authorization Bypass (cisco-sa-20180328-rest)
According to its self-reported version, Cisco IOS XE Software is affected by an authorization bypass vulnerability in the REST API due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An authenticated, remote attacker can exploit this, by...
CVE-2013-4410
ReviewBoard: has an access-control problem in REST API...
Design/Logic Flaw
ReviewBoard: has an access-control problem in REST API...
CVE-2013-4410
CVE-2013-4410 affects ReviewBoard with an access-control issue in its REST API. The NVD entry records a CVSS v3.1 base score of 7.5 (Network, Low attack complexity, No privileges required, Confidentiality impact High; others none). Public references describe the flaw as an access-control problem ...
Input validation
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...
CVE-2019-15958
CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...
CVE-2019-15958 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...
The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.
The vulnerability of Modicon controller’s microprogrammed software is related to the use of the Modbus service provided by the REST API. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Fedora 30 : rsyslog (2019-1fb95ae48d)
Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source). Note that Tenable Network Security has...
Fedora 31 : rsyslog (2019-ea7d5876a4)
Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source). Note that Tenable Network Security has...
Atlassian Confluence 6.15.1 - Directory Traversal Exploit
Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...