Cvelist
added 2017/03/30 2:00 p.m., 24 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to the password hashes of read-write administrators (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them...

AI score 5.1, EPSS 0.01539
Exploits 0, References 3
CVE
added 2017/03/30 2:00 p.m., 54 views

CVE-2016-7542

CVE-2016-7542 affects Fortinet FortiOS. A read-only administrator on FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA can access read-write administrator password hashes stored on the appliance via the webUI REST API, enabling potential password cracking of non-super-admins. Public refere...

CVSS 4.9, AI score 5.1, EPSS 0.01539
Exploits 0, References 3, Affected Software 1
ThreatPost
added 2017/03/14 11:43 a.m., 11 views

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched WordPress REST API Endpoint vulnerability is the gift that keeps on giving. Already responsible for more than one million website defacements and attempts to monetize some of those attacks, the flaw also opens the door to a separate attack. Researchers at Sucuri who found the...

AI score 5.9
Exploits 0, References 4
Prion
added 2017/03/13 6:59 a.m., 14 views

Cross-site request forgery (CSRF)

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie...

CVSS 6.8, AI score 8.5, EPSS 0.00585
Exploits 0, References 2, Affected Software 1
NVD
added 2017/03/13 6:59 a.m., 20 views

CVE-2017-5621

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API...

CVSS 6.1, AI score 6, EPSS 0.00671
Exploits 0, References 2
NVD
added 2017/03/13 6:59 a.m., 21 views

CVE-2017-6080

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid...

CVSS 9.8, AI score 9.4, EPSS 0.00727
Exploits 0, References 2
NVD
added 2017/03/13 6:59 a.m., 15 views

CVE-2017-6081

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie...

CVSS 8.8, AI score 8.6, EPSS 0.00585
Exploits 0, References 2
CVE
added 2017/03/13 6:14 a.m., 50 views

CVE-2017-6081

CVE-2017-6081 affects Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. The vulnerability is a CSRF issue allowing cross-domain requests directly to the REST API for users with a valid session cookie. CVSS metrics reflect a high-severity issue (CVSSv3 base score 8.8; CVSSv2 base sc...

CVSS 8.8, AI score 8.6, EPSS 0.00585
Exploits 0, References 2, Affected Software 1
Cvelist
added 2017/03/13 6:14 a.m., 19 views

CVE-2017-6081

A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie...

AI score 8.7, EPSS 0.00585
Exploits 0, References 2
CNVD
added 2017/03/08 12:00 a.m., 3 views

WordPress REST API Endpoint Cross-Site Scripting Vulnerability

WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A cross-site scripting vulnerability exists in WordPress REST API Endpoint versions prior to 4.7.3, which can be exploited by an attacker to inject arbitrary JavaScript...

AI score 6
Exploits 0, References 1
ThreatPost
added 2017/03/07 3:40 p.m., 11 views

WordPress 4.7.3 Patches Half-Dozen Vulnerabilities

WordPress released a security update on Tuesday that patched a half-dozen bugs, including one that could be chained with the recent REST API Endpoint flaw that led to a million website defacements. Given that the bug was introduced in WordPress 4.7 and the availability of a patch that backports...

AI score 0.1
Exploits 0, References 4
seebug.org
added 2017/03/04 12:00 a.m., 1837 views

Wordpress < 4.7.1 - Username Enumeration (CVE-2017-5487)

Author: p0wd3r (Knownsec 404 Security Lab). Date: 2017-03-05. 0x00 Vulnerability overview. Vulnerability description: exploit-db recently published a WordPress 4.7.1 username enumeration vulnerability; in fact the vulnerability had already been posted on the Internet on January 14, and given t...

CVSS 5, AI score 7.5, EPSS 0.87299
Exploits 7
Drupal
added 2017/03/01 12:00 a.m., 12 views

RestWS - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024

RestWS makes Drupal Entity data available in a REST API. The module doesn’t sufficiently check for access to properties when filtering queries. This vulnerability is mitigated by the fact that an attacker must have a role that allows them to access an entity type with access-controlled properties...

AI score 7
Exploits 0, References 11
Veracode
added 2017/02/28 1:38 a.m., 8 views

Unauthorized Access Via REST API

spark-core is vulnerable to unauthorized access via the REST API. The vulnerability exists as the REST API endpoint does not perform authorization checks based on the UI root's security manager. This allows all users to view all applications through the REST API, even if they could normally not...

AI score 6.5
Exploits 0
ThreatPost
added 2017/02/22 4:46 p.m., 24 views

Criminals Monetizing Attacks Against Unpatched WordPress Sites

Criminals have inevitably begun to attempt to monetize attacks against WordPress sites still vulnerable to a severe REST API endpoint vulnerability silently patched in the recent 4.7.2 security update. While more than one million websites have been defaced, researchers are now beginning to see so...

AI score 6.9
Exploits 0, References 5
0day.today
added 2017/02/18 12:00 a.m., 41 views

WordPress 4.7 / 4.7.1 REST API Content Injection Exploit

Usage Info: msf > use auxiliary/scanner/http/wordpress_content_injection; msf auxiliary(wordpress_content_injection) > show actions (...actions...); msf auxiliary(wordpress_content_injection) > set ACTION <action-name>; msf auxiliary(wordpress_content_injection) > show options (...show and set options...); msf...

AI score 7.1
Exploits 0
Veracode
added 2017/02/17 2:22 a.m., 13 views

Information Disclosure

spark-core is vulnerable to information disclosure. The vulnerability is possible due to a flaw in the security filter, which performs authentication not at the application level but at the root of the UI. Therefore, the data and applications in the SHS can be accessed through the REST API by a...

AI score 6.3
Exploits 0
Tenable Nessus
added 2017/02/16 12:00 a.m., 157 views

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user-supplied input to the 'id' parameter when editing or deleting blog posts. An...

CVSS 7.5, AI score 7.8, EPSS 0.81848
Exploits 0, References 5
myhack58
added 2017/02/15 12:00 a.m., 21 views

Newly disclosed WordPress REST API content injection vulnerability details - vulnerability warning - myhack58

Recently, researchers at Sucuri discovered a serious vulnerability in WordPress, located in the WordPress REST API; successful exploitation could delete pages or modify page content. WordPress quickly released an upgraded version,...

Exploits 0
Packet Storm
added 2017/02/12 12:00 a.m., 552 views

WordPress 4.7.0 / 4.7.1 Insert PHP Code Injection

Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection. Exploit Author: sucuri.net @sucurisecurity. Date: 2017-02-09. Google Dork: inurl:/wp-content/plugins/insert-php/. Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/. Tested on: MSWin32. Version: 3.3.1. Explanation:...

AI score 7.4
Exploits 0