4957 matches found
SQL Injection
cfme is vulnerable to SQL injection. The vulnerability exists by sending a request through the REST API, to an SQL filter...
Authentication Bypass
The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could us...
Low: Red Hat Security Advisory: openstack-ceilometer security update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. How to use: If you have no idea what you are doing, just type the command below or check out the Advanced Usage: ./osmedeus.py -t example.com Installation: git clone...
Fortinet FortiManager Unencrypted Password Vulnerability (FG-IR-18-051)
The version of FortiManager running on the remote device is 5.2.x and prior to 5.2.8 or 5.4.x and prior to 5.4.2. It is, therefore, affected by an information disclosure vulnerability due to a cleartext transmission of sensitive information in the REST API JSON responses. A user performing a man ...
Design/Logic Flaw
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...
CVE-2018-1360
Fortinet FortiManager 5.2.x (<=5.2.7) and 5.4.x (
CVE-2018-1360
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...
Immunity Canvas: SNAPD_UID_OVERWRITE
Name| snapduidoverwrite
---|---
CVE| CVE-2019-7304
Exploit Pack| CANVAS
Description| snapduidoverwrite
Notes| CVE Name: CVE-2019-7304 VENDOR: snapd team NOTES: The snapd service runs as a REST API using a Unix Domain Socket; it is possible to send requests when the uid is 0 (root), the vulnerability i...
FortiManager Unencrypted Password Vulnerability
A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...
Cross site scripting
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...
CVE-2014-1427
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...
CVE-2014-1427
Ubuntu MAAS contains a Cross-Site Scripting vulnerability in its REST API. The issue affects MAAS versions prior to 1.9.2 and can allow an attacker to cause a logged-in user to execute commands via malicious input, due to insufficient validation in the web application. The root cause is tied to R...
CVE-2014-1427 MAAS API vulnerable to CSRF attack
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...
CVE-2019-0039
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...
Default configuration
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...
CVE-2019-0039
CVE-2019-0039 affects Junos OS where REST API is enabled, enabling brute-force login attempts due to a high default connection limit. Publicly documented details list affected Junos OS versions (e.g., 14.1X53 before 14.1X53-D49; 15.1 family before various 15.x builds; up to 18.3R1-S1), with remed...
CVE-2019-0039 Junos OS: Login credentials are vulnerable to brute force attacks through the REST API
If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...
WordPress wp-google-maps plugin input validation error vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. wp-google-maps is a Google Maps plugin for WordPress. An input validation error vulnerability exists in the...