Cvelist
added 2017/11/27 9:00 p.m., 19 views

CVE-2017-1628

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...

AI score 6.2, EPSS 0.01834
Exploits 0, References 4

CVE
added 2017/11/27 9:00 p.m., 52 views

CVE-2017-1628

Summary (CVE-2017-1628 / IBM BPM 8.6.0.0): IBM Business Process Manager exposes an incorrect authorization check on the Event Manager REST API, allowing authenticated users to stop and resume the Event Manager. The root cause is improper access controls for the stop/resume API. Impact is limited ...

CVSS 6.5, AI score 6.2, EPSS 0.01834
Exploits 0, References 4, Affected Software 1

OSV
added 2017/11/17 5:29 a.m., 5 views

CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

CVSS 5.3, AI score 5.8, EPSS 0.01373
Exploits 1, References 1

NVD
added 2017/11/17 5:29 a.m., 20 views

CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

CVSS 5.3, AI score 5.4, EPSS 0.01373
Exploits 1, References 1

CVE
added 2017/11/17 5:00 a.m., 210 views

CVE-2017-1000226

The CVE-2017-1000226 entry concerns the WordPress Stop User Enumeration plugin, version 1.3.8. The available connected data indicate a vulnerability that allows user enumeration via the REST API. The issue is described consistently across sources as stemming from the REST interface exposing username i...

CVSS 5.3, AI score 5.3, EPSS 0.01373
Exploits 1, References 1, Affected Software 1

Cvelist
added 2017/11/17 5:00 a.m., 21 views

CVE-2017-1000226

Stop User Enumeration 1.3.8 allows user enumeration via the REST API...

AI score 5.4, EPSS 0.01373
Exploits 1, References 1

Positive Technologies
added 2017/11/17 12:00 a.m., 3 views

PT-2017-10922

Name of the Vulnerable Software and Affected Versions: Stop User Enumeration version 1.3.8
Description: The issue allows user enumeration via the REST API.
Recommendations: For version 1.3.8, consider disabling the REST API until a patch is available to prevent user enumeration...

CVSS 5.3, AI score 6, EPSS 0.01373
Exploits 1, References 3

Metasploit
added 2017/11/01 3:09 p.m., 29 views

Tuleap 9.6 Second-Order PHP Object Injection

This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...

CVSS 8.8, AI score 7.8, EPSS 0.66632
Exploits 6

Prion
added 2017/10/30 2:29 p.m., 13 views

Remote code execution

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

CVSS 6.5, AI score 8.8, EPSS 0.66632
Exploits 6, References 6, Affected Software 1

NVD
added 2017/10/30 2:29 p.m., 18 views

CVE-2017-7411

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

CVSS 8.8, AI score 8.9, EPSS 0.66632
Exploits 6, References 6

Cvelist
added 2017/10/30 2:00 p.m., 24 views

CVE-2017-7411

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...

AI score 8.9, EPSS 0.66632
Exploits 6, References 6

CVE
added 2017/10/30 2:00 p.m., 64 views

CVE-2017-7411

Summary (CVE-2017-7411): Enalean Tuleap ≤ 9.6 is vulnerable due to User::getRecentElements() using unserialize() with data manipulable via the REST API, enabling injection of arbitrary PHP objects into the app scope and potential Remote Code Execution. Public material describes a second-order PHP...

CVSS 8.8, AI score 8.8, EPSS 0.66632
Exploits 6, References 6, Affected Software 1

Veracode
added 2017/10/26 3:35 a.m., 23 views

Access Bypass

Drupal is vulnerable to access bypass. Malicious users are able to leverage the REST API to post approved comments regardless of their permission level. This only affects applications which have the RESTful web services enabled...

CVSS 7.4, AI score 8.2, EPSS 0.02102
Exploits 0, References 4, Affected Software 2

OSV
added 2017/10/24 6:33 p.m., 31 views

GHSA-F7P5-W2CR-7CP7 Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

CVSS 7.5, AI score 6.7, EPSS 0.03408
Exploits 0, References 11

Github Security Blog
added 2017/10/24 6:33 p.m., 53 views

Puppet Improper Input Validation vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

CVSS 7.5, AI score 7.2, EPSS 0.03408
Exploits 0, References 11, Affected Software 1

OpenVAS
added 2017/10/24 12:00 a.m., 23 views

Tuleap < 9.7 Object Injection Vulnerability

Tuleap is prone to an object injection vulnerability. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 8.8, AI score 9, EPSS 0.66632
Exploits 6, References 2

RubySec
added 2017/10/24 12:00 a.m., 19 views

Unauthenticated Remote Code Execution Vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

CVSS 7.5, AI score 7, EPSS 0.03408
Exploits 0, References 1, Affected Software 1

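The Puppet entries above, and in a different runtime the Tuleap entries (where User::getRecentElements feeds a user-controlled preference value to PHP unserialize()), describe one bug class: a REST endpoint hands attacker-controlled serialized data to a loader that will instantiate whatever class the payload names. The Ruby example below is added here to show that mechanism and its fix; it is not code from Puppet, Tuleap or any advisory on this page. The ReportRunner gadget, the Preference class, the three document strings and the loader helpers are all constructed for illustration, and the gadget only records what it would have run.

```ruby
require 'yaml'

# Records what a revived gadget *would* do; nothing is actually executed.
SIDE_EFFECTS = []

# Constructed gadget class (hypothetical, not from Puppet or Tuleap). It stands in for
# any class on the load path whose revival hook has consequences: Psych calls
# init_with(coder) when it revives a "!ruby/object:ReportRunner" node, so whoever
# controls the YAML chooses which class is instantiated and with what state.
class ReportRunner
  attr_reader :command

  def init_with(coder)
    @command = coder['command']
    SIDE_EFFECTS << "would execute: #{@command}"
  end
end

# A legitimate class the endpoint does need to accept (also constructed for the example).
class Preference
  attr_accessor :theme
end

# Constructed request bodies. LEGIT_DOC is what the endpoint expects; MALICIOUS_DOC has
# the same shape but carries a tag naming an arbitrary class; PREF_DOC names a known one.
LEGIT_DOC     = "---\nenvironment: production\nfacts_timeout: 30\n"
MALICIOUS_DOC = "--- !ruby/object:ReportRunner\ncommand: id\n"
PREF_DOC      = "--- !ruby/object:Preference\ntheme: dark\n"

# The vulnerable pattern: a full YAML load of request data. Psych.unsafe_load is the
# explicit name on Psych >= 3.3.2 / Ruby 3.1+; on older Psych, plain Psych.load is the
# unrestricted loader, so this helper reaches the unsafe behaviour on either.
def unsafe_load(doc)
  Psych.respond_to?(:unsafe_load) ? Psych.unsafe_load(doc) : Psych.load(doc)
end

# The hardened pattern: safe_load revives only scalars, arrays and hashes and raises
# Psych::DisallowedClass for any !ruby/object tag.
def safe_load(doc)
  Psych.safe_load(doc)
end

# If one known class genuinely has to be revived (the Tuleap case: a preference object),
# allow that class by name instead of falling back to the unrestricted loader.
# permitted_classes: is a keyword argument from Psych 3.1 (Ruby 2.6) onward.
def load_preference(doc)
  Psych.safe_load(doc, permitted_classes: [Preference])
end

# Loads doc with the named loader and reports the class that came out, or why it was rejected.
def classify(loader, doc)
  send(loader, doc).class.name
rescue Psych::DisallowedClass => e
  "rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe_load(MALICIOUS_DOC) -> #{classify(:unsafe_load, MALICIOUS_DOC)}"
  puts "side effects: #{SIDE_EFFECTS.inspect}"
  puts "safe_load(MALICIOUS_DOC)   -> #{classify(:safe_load, MALICIOUS_DOC)}"
  puts "safe_load(LEGIT_DOC)       -> #{classify(:safe_load, LEGIT_DOC)}"
  puts "load_preference(PREF_DOC)  -> #{load_preference(PREF_DOC).theme}"
end
```

The point of the allow-list variant is that the fix is not "stop using YAML": the legitimate document still loads under safe_load, and a single known class can be revived when the application needs it. What must never happen is resolving a class name that arrived in the request.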
NVD
added 2017/10/19 8:29 a.m., 16 views

CVE-2017-12287

A vulnerability in the cluster database CDB management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a...

CVSS 4.3, AI score 4.8, EPSS 0.01649
Exploits 0, References 3

Cvelist
added 2017/10/19 8:00 a.m., 21 views

CVE-2017-12287

A vulnerability in the cluster database CDB management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a...

AI score 4.8, EPSS 0.01649
Exploits 0, References 3

CNVD
added 2017/10/18 12:00 a.m., 3 views

Unspecified Vulnerability in Oracle Hospitality Hotel Mobile

Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The suite provides human resources cost management and customer service tracking throughout the guest journey to improve customer...

CVSS 7.1, AI score 7.1, EPSS 0.01527
Exploits 0, References 1
