4952 matches found
WordPress 4.7 - User Information Disclosure via REST API
http://www.example.com/wp-json/wp/v2/users...
WordPress 4.7 - User Information Disclosure via REST API
PoC http://www.example.com/wp-json/wp/v2/users...
Server-side request forgery (SSRF)
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...
CVE-2016-10126
CVE-2016-10126 affects Splunk Enterprise and Splunk Web: multiple 5.0.x/6.x releases are vulnerable to remote HTTP request injection that can leak REST API authentication tokens via unspecified vectors (aka SPL-128840). Affected versions include 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x bef...
WordPress Stop User Enumeration 1.3.4 User Enumeration Vulnerability
WordPress Stop User Enumeration plugin version 1.3.4 fails to stop user enumeration. Details: Software: Stop User Enumeration. Version: 1.3.4. Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report:...
WordPress Stop User Enumeration 1.3.4 User Enumeration
Details: Software: Stop User Enumeration. Version: 1.3.4. Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-does-not-stop-user-enumeration/ CVE: Awaiting assignment. CVSS: 5 Medium;...
CVE-2016-7462
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization...
CVE-2016-7462
CVE-2016-7462 affects VMware vRealize Operations (vROps) 6.x prior to 6.4.0. The REST API deserialization vulnerability allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload mishandled during deserialization. VM...
SQL injection
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...
CVE-2016-2355
Summary: CVE-2016-2355 is a SQL injection vulnerability in the dotCMS REST API, specifically in the stName parameter used with api/content/save/1. Affected software: dotCMS versions before 3.3.2. Vulnerability details: An attacker can inject arbitrary SQL via the stName parameter, potentially comprom...
Python JSON Fuzzer: PyJFuzz
Python JSON Fuzzer. PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST APIs, JSON implementations, browsers, CLI executables and much more. Dependencies: In order to work, PyJFuzz needs a single dependency, bottle; you can install it from...
ip-geolocation-map-bing NSE Script
This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and renders a Bing Map of markers representing the targets. The Bing Maps REST API has a limit of 100 markers, so if more coordinates are found, only the top 100 markers by number of IP...
PyJFuzz - Python JSON Fuzzer
PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST APIs, JSON implementations, browsers, CLI executables and much more. Version: 1.1.0. Homepage: http://www.mseclab.com/ Github: https://github.com/mseclab/PyJFuzz Author: Danie...
Splunk Enterprise 6.4.3 Server-Side Request Forgery
Splunk Enterprise Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3 PDF:...
Splunk Enterprise 6.4.3 - Server-Side Request Forgery
Splunk Enterprise 6.4.3 - Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3...
FortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the web UI REST API, and may therefore be able to crack them...