CVE-2015-5607

Cross-site request forgery in the REST API in IPython 2 and 3...

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

WordPress REST API Plugin Information Disclosure (CVE-2017-5487)

An information disclosure vulnerability exists in WordPress REST API Plugin. Successful exploitation could result in the disclosure of sensitive user information...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...

DEBIAN-CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

Cross site request forgery (csrf)

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

CVE-2017-7557

CVE-2017-7557 affects dnsdist 1.1.0, where an authentication flaw in the REST API potentially enables CSRF. Evidence across multiple advisories shows this vulnerability alongside other issues (CVE-2016-7069, CVE-2018-14663) and that fixes exist in later dnsdist releases. Upgrading to at least 1.2...

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)

Drupal Security Team : CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

Drupal Patches Critical Access Bypass Bug

Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critica CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

CVE-2017-1500

A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

Moderate: Red Hat Enhancement Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.4

An update is now available for Red Hat Virtualization Manager. The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities,...

WordPress Stop User Enumeration 1.3.8 User Enumeration

Details ================ Software: Stop User Enumeration Version: 1.3.8 Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-rest-api/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...