4954 matches found

Hacker One
added 2018/01/12 9:30 a.m. (19 views)

Grab: Unrestricted access to Eureka server on ██████

Hi Grab Security Team, First of all, best wishes for 2018, empty of bugs if possible ;-) Summary: I found that the following endpoint is hosting Netflix Eureka Server █████ and that even if some URLs require authentication (401 code for some of them, like /metrics for example), it is still...

AI score 7 | Exploits 0
Kitploit
added 2018/01/11 8:30 p.m. (8 views)

Archery - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an open source vulnerability assessment and management tool which helps developers and pentesters perform scans and manage vulnerabilities. Archery uses popular open source tools to perform comprehensive scanning of web applications and networks. It also performs web application dynamic...

AI score 7 | Exploits 0 | References 4
Atlassian
added 2018/01/04 4:29 a.m. (18 views)

Avatar Rest API URL return avatar uploaded by user

Summary: When the user runs the REST API URL https://jira.atlassian.com/rest/api/latest/user/avatars?username="username" the result will include the system avatars and the avatar uploaded by that user. For example,...

AI score 1.2 | Exploits 0 | Affected software 1
Packet Storm
added 2017/12/19 12:00 a.m. (75 views)

Tuleap 9.6 Second-Order PHP Object Injection

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' => %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...

CVSS 6.5 | AI score 8.8 | EPSS 0.66632 | Exploits 6
Exploit DB
added 2017/12/19 12:00 a.m. (57 views)

Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' => %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...

CVSS 8.8 | AI score 7.4 | EPSS 0.66632 | Exploits 6
0day.today
added 2017/12/19 12:00 a.m. (41 views)

Tuleap 9.6 Second-Order PHP Object Injection Exploit

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap. 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' => %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to...

CVSS 6.5 | AI score 9.2 | EPSS 0.66632 | Exploits 6
Kitploit
added 2017/12/13 1:10 p.m. (15 views)

Tiredful API - An intentionally designed broken web application based on REST API

Tiredful API is an intentionally designed broken app. The aim of this web app is to teach developers, QA or security professionals about flaws present in web service REST APIs due to insecure coding practices. Who can use Tiredful API? Web developers, web pentesters, security professionals, students. What ...

AI score 8.8 | Exploits 0 | References 1
Tenable Nessus
added 2017/12/13 12:00 a.m. (55 views)

RHEL 7 : org.ovirt.engine-root (RHSA-2017:3427)

An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 6.8 | AI score 5.9 | EPSS 0.00519 | Exploits 1 | References 3
RedHat Linux
added 2017/12/12 9:16 a.m. (36 views)

Low: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update

An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 6.8 | AI score 6.4 | EPSS 0.00519 | Exploits 1 | References 8
seebug.org
added 2017/12/11 12:00 a.m. (52 views)

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...

AI score 7.3 | Exploits 0
seebug.org
added 2017/12/11 12:00 a.m. (57 views)

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows host is affect...

AI score 8.2 | Exploits 0
seebug.org
added 2017/12/11 12:00 a.m. (45 views)

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...

AI score 6.7 | Exploits 0
Atlassian
added 2017/12/06 4:35 p.m. (158 views)

REST API - Improved HTTP Authentication

Suggestion Description: The Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is a simple resource that helps administrators perform operations that would otherwise take time out of their day-to-day activities in a couple of seconds instead of a couple of minutes. I...

AI score 7.7 | Exploits 0 | Affected software 1
RedhatCVE
added 2017/12/04 2:49 p.m. (22 views)

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 7.5 | AI score 5.1 | EPSS 0.02406 | Exploits 1 | References 2
Prion
added 2017/11/30 6:29 p.m. (23 views)

Design/Logic Flaw

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 5 | AI score 7.5 | EPSS 0.02518 | Exploits 0 | References 3 | Affected software 1
NVD
added 2017/11/30 6:29 p.m. (35 views)

CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5 | AI score 7.5 | EPSS 0.02518 | Exploits 0 | References 3
Prion
added 2017/11/30 6:29 p.m. (15 views)

Design/Logic Flaw

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

CVSS 5 | AI score 7.5 | EPSS 0.02406 | Exploits 1 | References 2 | Affected software 1
OSV
added 2017/11/30 6:29 p.m. (15 views)

UBUNTU-CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5 | AI score 7.3 | EPSS 0.02518 | Exploits 0 | References 2
OSV
added 2017/11/30 6:29 p.m. (26 views)

CVE-2017-14868

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...

CVSS 7.5 | AI score 7 | EPSS 0.02518 | Exploits 0 | References 3
Cvelist
added 2017/11/30 6:00 p.m. (26 views)

CVE-2017-14949

Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentatio...

AI score 7.5 | EPSS 0.02406 | Exploits 1 | References 2