4935 matches found
REST API - Deactivate the REST API
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is active by default and there is no way to deactivate. It should have a similar option like the Enabling the Remote...
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
Cross site request forgery (csrf)
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request...
CVE-2020-9042
The provided sources describe a CSRF vulnerability in Couchbase Server 6.0 where credentials cached in a browser can be abused to perform a CSRF attack if an administrator has used the browser to view REST API results. Concrete exploit/impact details beyond this (specific vectors, affected versio...
Cisco UCS Director Cloupia Script Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to...
Cisco UCS Director Cloupia Script - Remote Code Execution
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE',...
Cisco UCS Director Cloupia Script Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE', 'Description' = %q This module exploits an authentication bypass and directory traversals in Cisco UCS...
Cisco UCS Director Cloupia Script RCE
This module exploits an authentication bypass and directory traversals in Cisco UCS Director 'Cisco UCS Director Cloupia Script RCE', 'Description' = %q This module exploits an authentication bypass and directory traversals in Cisco UCS Director 6.7.4.0 to leak the administrator's REST API key an...
The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows a attacker to execute arbitrary code.
The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments of Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the REST API interface of the Cisco UCS Director management tool allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the REST API interface of the Cisco UCS Director management tool for physical infrastructure and virtual environments is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...
TeamPass Authorization Control Vulnerability
TeamPass is an open source password manager. A security vulnerability exists in the REST API functionality in TeamPass 2.1.27.36 and earlier versions. An attacker can exploit this vulnerability to gain TeamPass administrator privileges and read or change all passwords...
Missing API Authorization Checks
TeamPass has missing API authorization checks. The application does not properly enforce authorization controls in REST API functions, allowing any user with a valid token to act as administrator and to modify another user's passwords using authenticated api/index.php REST API calls...
CVE-2020-5333
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...
CVE-2020-5333
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...
Authorization
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...
CVE-2020-5333
The CVE-2020-5333 entry concerns RSA Archer before version 6.7 P3 (6.7.0.3) and before 6.6 P6 (6.6.0.6), which contains an authorization bypass vulnerability in the REST API. A remote authenticated Archer user could potentially view unauthorized information due to this flaw. Connected sources cor...
CVE-2020-5333
RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...
CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...