4957 matches found

Patchstack
added 2018/10/03 12:0 a.m. | 15 views

WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API

Username Disclosure via REST API issue found by Janek Vind in WordPress Breadcrumb NavXT plugin versions <= 6.1.0. Solution: Update the WordPress Breadcrumb NavXT plugin to the latest available version (at least 6.2.0)...

3.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2018/10/02 12:23 p.m. | 354 views

Gurp - Golang command-line interface to Burp Suite's REST API

Requirements: BurpSuite Professional v2.0.0beta or greater from PortSwigger. Dependencies: go get -u -v github.com/fatih/color; go get -u -v github.com/integrii/flaggy; go get -u -v github.com/tidwall/gjson; go get -u -v github.com/grokify/html-strip-tags-go. Binaries: Latest version available here...

8.1 AI score
Exploits: 0 | References: 2

WPVulnDB
added 2018/09/28 12:0 a.m. | 17 views

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by a Username Disclosure via REST API security vulnerability. PoC: http://www.example.com/wp-json/bcn/v1/author/1...

0.3 AI score
Exploits: 0 | References: 2 | Affected Software: 1

wpexploit
added 2018/09/28 12:0 a.m. | 9 views

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by a Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...

1.7 AI score
Exploits: 0 | References: 2

0day.today
added 2018/09/27 12:0 a.m. | 31 views

WordPress Breadcrumb NavXT 6.1.0 Username Disclosure

Exploit for php platform in category web applications. Username Disclosure in Breadcrumb NavXT Wordpress plugin | Author: Janek Vind "waraxe" | Date: 26. September 2018 | Location: Estonia, Tartu | Web: http://www.waraxe.us/advisory-108.html...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/09/27 12:0 a.m. | 46 views

WordPress Breadcrumb NavXT 6.1.0 Username Disclosure

waraxe-2018-SA108 - Username Disclosure in Breadcrumb NavXT Wordpress plugin | Author: Janek Vind "waraxe" | Date: 26. September 2018 | Location: Estonia, Tartu | Web: http://www.waraxe.us/advisory-108.html | Target descriptio...

7 AI score
Exploits: 0

Kitploit
added 2018/09/21 9:16 p.m. | 87 views

Burpcommander - Ruby Command-Line Interface To Burp Suite's REST API

Ruby command-line interface to Burp Suite's REST API. Usage: burpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018 | -t, --target IP Address Defaults to 127.0.0.1 | -p, --port Port Number Defaults to 1337 | -k, --key API Key If you require an API key specify it here | -i, --issue-type-id String String to sear...

8.1 AI score
Exploits: 0 | References: 1

Metasploit
added 2018/09/19 1:11 p.m. | 29 views

Pimcore Gather Credentials via SQL Injection

This module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcore's REST API. Pimcore begins to create password hashes by concatenating a user's username, the name of the application, and the user's password in t...

6.5 CVSS | 0.1 AI score | 0.2895 EPSS
Exploits: 7

Packet Storm
added 2018/09/13 12:0 a.m. | 78 views

oBike Electronic Lock Bypass

CVE-2018-16242 - oBike Electronic Lock Bypass | Product: oBike bicycle-sharing service | Vendor: oBike Inc. | CVE ID: CVE-2018-16242 | Subject: Access control bypass by replay attack on predictable nonce | Effect: Unauthorized unlocking of bikes, circumventing the ride-fees | Author: Antoine Neuenschwander...

5.4 AI score | 0.00678 EPSS
Exploits: 2

Cisco
added 2018/09/05 4:0 p.m. | 32 views

Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...

6.5 CVSS | 0.9 AI score | 0.01895 EPSS
Exploits: 0 | References: 1

0day.today
added 2018/08/24 12:0 a.m. | 101 views

Couchbase Server Remote Code Execution Vulnerability

Couchbase Server allows for authenticated users to send arbitrary erlang code to diag/eval. Couchbase Server Remote Code Execution Vulnerability Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary...

7.2 AI score | 0.11681 EPSS
Exploits: 4

Packet Storm
added 2018/08/24 12:0 a.m. | 225 views

Couchbase Server Remote Code Execution

Hey, Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary Erlang code to 'diag/eval' endpoint of the API. The code will be subsequently executed in the underlying operating system with privileges of t...

6.1 AI score | 0.11681 EPSS
Exploits: 4

CNVD
added 2018/08/20 12:0 a.m. | 3 views

Pimcore SQL Injection Vulnerability

Pimcore is an open source web content management platform for creating and managing web applications, from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in the RES...

6.5 CVSS | 7 AI score | 0.2895 EPSS
Exploits: 7 | References: 1

OSV
added 2018/08/17 6:29 p.m. | 20 views

CVE-2018-14058

Pimcore before 5.3.0 allows SQL Injection via the REST web service API...

6.5 CVSS | 8 AI score
Exploits: 0 | References: 4

NVD
added 2018/08/17 6:29 p.m. | 32 views

CVE-2018-14058

Pimcore before 5.3.0 allows SQL Injection via the REST web service API...

6.5 CVSS | 7 AI score | 0.2895 EPSS
Exploits: 7 | References: 4

Prion
added 2018/08/17 6:29 p.m. | 20 views

Sql injection

Pimcore before 5.3.0 allows SQL Injection via the REST web service API...

4 CVSS | 7.2 AI score | 0.2895 EPSS
Exploits: 7 | References: 4 | Affected Software: 1

Cvelist
added 2018/08/17 6:0 p.m. | 37 views

CVE-2018-14058

Pimcore before 5.3.0 allows SQL Injection via the REST web service API...

7.3 AI score | 0.2895 EPSS
Exploits: 7 | References: 4

Veracode
added 2018/08/17 6:14 a.m. | 16 views

SQL Injection

pimcore/pimcore is vulnerable to SQL Injection attacks. The library does not sanitize API endpoints properly, allowing a malicious user to inject and execute arbitrary SQL queries through the REST web service API...

6.5 CVSS | 7.9 AI score | 0.2895 EPSS
Exploits: 7 | References: 5 | Affected Software: 1

0day.today
added 2018/08/16 12:0 a.m. | 80 views

Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities

Exploit for php platform in category web applications. title: SQL Injection, XSS & CSRF vulnerabilities | product: Pimcore | vulnerable version: 5.2.3 and below | fixed version: 5.3.0 | CVE number: CVE-2018-14057, CVE-2018-14058,...

0.3 AI score | 0.2895 EPSS
Exploits: 9

Packet Storm
added 2018/08/16 12:0 a.m. | 66 views

Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection

SEC Consult Vulnerability Lab Security Advisory | title: SQL Injection, XSS & CSRF vulnerabilities | product: Pimcore | vulnerable version: 5.2.3 and below | fixed version: 5.3.0 | CVE number: CVE-2018-14057, CVE-2018-14058,...

0.6 AI score | 0.2895 EPSS
Exploits: 9