4956 matches found

NVD
added 2018/11/01 5:29 p.m. | 22 views

CVE-2018-6907

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

8.8 CVSS | 8.8 AI score | 0.00494 EPSS
Exploits 1 | References 1

Prion
added 2018/11/01 5:29 p.m. | 13 views

Cross site scripting

A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

4.3 CVSS | 6 AI score | 0.00675 EPSS
Exploits 1 | References 1

Prion
added 2018/11/01 5:29 p.m. | 14 views

Cross site request forgery (CSRF)

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

6.8 CVSS | 8.7 AI score | 0.00494 EPSS
Exploits 1 | References 1

NVD
added 2018/11/01 5:29 p.m. | 15 views

CVE-2018-6906

A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

6.1 CVSS | 6 AI score | 0.00675 EPSS
Exploits 1 | References 1

CVE
added 2018/11/01 5:0 p.m. | 47 views

CVE-2018-6907

The CVE-2018-6907 entry describes a CSRF vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application that could allow an attacker to control the RainMachine device via its REST API. Documents consistently identify the affected components as the RainMachi...

8.8 CVSS | 8.7 AI score | 0.00494 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2018/11/01 5:0 p.m. | 21 views

CVE-2018-6906

A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

6 AI score | 0.00675 EPSS
Exploits 1 | References 1

Cvelist
added 2018/11/01 5:0 p.m. | 16 views

CVE-2018-6907

A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...

8.8 AI score | 0.00494 EPSS
Exploits 1 | References 1

Friends Of PHP
added 2018/10/19 2:12 p.m. | 7 views

EZSA-2018-008 REST API returns list of all SiteAccesses

More info at http://share.ez.no/community-project/security-advisories/ezsa-2018-008-rest-api-returns-list-of-all-siteaccesses...

7.2 AI score
Exploits 0 | Affected Software 1

Github Security Blog
added 2018/10/17 12:4 a.m. | 37 views

Restlet Framework Jax-rs extension is vulnerable to XXE when using SimpleXMLProvider

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

7.5 CVSS | 7.3 AI score | 0.02518 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2018/10/17 12:4 a.m. | 26 views

GHSA-CVJ4-G3GX-8VQQ Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

7.5 CVSS | 7.4 AI score | 0.02406 EPSS
Exploits 1 | References 6

Github Security Blog
added 2018/10/17 12:4 a.m. | 26 views

Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

7.5 CVSS | 6.3 AI score | 0.02406 EPSS
Exploits 1 | References 5 | Affected Software 1

Packet Storm
added 2018/10/15 12:0 a.m. | 53 views

FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure

FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream line of sensors provides highly...

0.2 AI score
Exploits 0

0day.today
added 2018/10/15 12:0 a.m. | 90 views

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...

7.1 AI score
Exploits 0

exploitpack
added 2018/10/15 12:0 a.m. | 47 views

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...

0.1 AI score
Exploits 0

Exploit DB
added 2018/10/15 12:0 a.m. | 552 views

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure

Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842, Api: 1.0.0, Node: 0.10.33, Onvif: 0.1.1.47 Tested on: Tita...

7.4 AI score
Exploits 0

Prion
added 2018/10/05 2:29 p.m. | 11 views

Authorization

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

6.8 CVSS | 6.5 AI score | 0.01895 EPSS
Exploits 0 | References 2

Cvelist
added 2018/10/05 2:0 p.m. | 16 views

CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

6.5 AI score | 0.01895 EPSS
Exploits 0 | References 2

Vulnrichment
added 2018/10/05 2:0 p.m. | 8 views

CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

7 AI score | 0.01895 EPSS
Exploits 0 | References 2

CVE
added 2018/10/05 2:0 p.m. | 46 views

CVE-2018-0460

CVE-2018-0460 affects the Cisco Enterprise NFV Infrastructure Software (NFVIS) REST API. The vulnerability arises from insufficient authorization and parameter validation, enabling an authenticated, remote attacker to read arbitrary files on an affected system. Exploitation requires the attacker to u...

6.8 CVSS | 6.5 AI score | 0.01895 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2018/10/03 12:0 a.m. | 15 views

WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API

Username Disclosure via REST API issue found by Janek Vind in WordPress Breadcrumb NavXT plugin versions <= 6.1.0. Solution: update the WordPress Breadcrumb NavXT plugin to the latest available version (at least 6.2.0)...

3.2 AI score
Exploits 0 | References 1 | Affected Software 1