Lucene search: 4957 matches found

NVD, added 2019/04/02 6:30 p.m., 23 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...

CVSS: 9.8, AI score: 9.4, EPSS: 0.78699
Exploits: 6, References: 4
Cvelist, added 2019/04/02 5:37 p.m., 27 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...

AI score: 9.4, EPSS: 0.78699
Exploits: 6, References: 4
Kitploit, added 2019/04/02 11:55 a.m., 158 views

Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus lets you run an automated collection of tools for reconnaissance and vulnerability scanning against a target. How to use: if you have no idea what you are doing, just type the command below or check out the Advanced Usage: ./osmedeus.py -t example.com. Installation: git clone...

AI score: 7.3
Exploits: 0, References: 3
WPVulnDB, added 2019/04/02 12:00 a.m., 26 views

WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. PoC: curl -k --silent "http://example.com/index.php?restroute=/wpgmza/v1/markers/=%7B%7D&fields=+from+wpusers+--+-"...

CVSS: 7.5, AI score: 0.7, EPSS: 0.78699
Exploits: 6, References: 3, Affected software: 1
ATTACKERKB, added 2019/04/02 12:00 a.m., 32 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. Recent assessments: rootOptional at March 09, 2020 9:03pm UTC reported: This CVE is fairly obscure due to it being present in the WordPre...

CVSS: 9.8, AI score: 1.3, EPSS: 0.78699
Exploits: 6, References: 6
OSV, added 2019/03/25 7:29 p.m., 25 views

CVE-2019-3879

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to...

CVSS: 8.1, AI score: 6.7, EPSS: 0.01864
Exploits: 0, References: 3
NVD, added 2019/03/25 7:29 p.m., 37 views

CVE-2019-3879

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to...

CVSS: 8.1, AI score: 6.9, EPSS: 0.01864
Exploits: 0, References: 3
Prion, added 2019/03/25 7:29 p.m., 24 views

Design/Logic Flaw

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to...

CVSS: 5.5, AI score: 7.9, EPSS: 0.01864
Exploits: 0, References: 3, Affected software: 2
CVE, added 2019/03/25 6:30 p.m., 76 views

CVE-2019-3879

In oVirt, REST API before version 4.3.2.1 allows RemoveDiskCommand to run as an internal command, skipping permission validation and enabling a low-privilege user to delete disks attached to guests. A fix exists in 4.3.2.1 and later; upgrade to that version or apply the relevant Red Hat/oVirt upd...

CVSS: 8.1, AI score: 7.9, EPSS: 0.01864
Exploits: 0, References: 3, Affected software: 1
Cvelist, added 2019/03/25 6:30 p.m., 37 views

CVE-2019-3879

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to...

CVSS: 6.5, AI score: 8, EPSS: 0.01864
Exploits: 0, References: 3
RedhatCVE, added 2019/03/25 6:19 a.m., 41 views

CVE-2019-3879

It was discovered that in the ovirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges, e.g. Basic Operations, could exploit this flaw to delete disks attached to...

CVSS: 8.1, AI score: 3.2, EPSS: 0.01864
Exploits: 0, References: 2
NVD, added 2019/03/21 4:00 p.m., 12 views

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

CVSS: 9.1, AI score: 9.2, EPSS: 0.22035
Exploits: 1, References: 2
Prion, added 2019/03/21 4:00 p.m., 12 views

Design/Logic Flaw

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

CVSS: 6.4, AI score: 9, EPSS: 0.22035
Exploits: 1, References: 2, Affected software: 1
Cvelist, added 2019/03/18 7:58 p.m., 20 views

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

AI score: 9.2, EPSS: 0.22035
Exploits: 1, References: 2
CVE, added 2019/03/18 7:58 p.m., 66 views

CVE-2018-19365

Wowza Streaming Engine 4.7.4.01 REST API is vulnerable to directory traversal, allowing remote attackers to read arbitrary files via crafted HTTP requests. Root cause: insufficient validation in the REST API path enables traversal of the server's directory structure. Impact: potential unauthorize...

CVSS: 9.1, AI score: 9.1, EPSS: 0.22035
In the wild; Exploits: 1, References: 2, Affected software: 1
RedHat Linux, added 2019/03/18 12:45 p.m., 104 views

Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.8, AI score: 6, EPSS: 0.00386
Exploits: 0, References: 3
RedhatCVE, added 2019/03/18 2:49 a.m., 24 views

CVE-2017-7510

It is reported that the RHV 4 REST API exposes data used in cloud-init, which can include the root password used when creating a system...

CVSS: 8.8, AI score: 2, EPSS: 0.01036
Exploits: 0, References: 1
RedHat Linux, added 2019/03/14 1:31 p.m., 97 views

Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.8, AI score: 6, EPSS: 0.00386
Exploits: 0, References: 5
NVD, added 2019/03/07 10:29 p.m., 29 views

CVE-2018-18815

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

CVSS: 10, AI score: 9.6, EPSS: 0.03132
Exploits: 0, References: 5
Prion, added 2019/03/07 10:29 p.m., 21 views

Authorization

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

CVSS: 7.5, AI score: 9.5, EPSS: 0.03132
Exploits: 0, References: 5, Affected software: 3