
4930 matches found

Prion
added 2020/02/14 7:15 p.m.

Cross site scripting

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

CVSS: 6 | AI score: 9.1 | EPSS: 0.00022
Exploits: 0 | References: 4 | Affected software: 1

OSV
added 2020/02/14 6:15 p.m.

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00081
Exploits: 0 | References: 4

Prion
added 2020/02/14 6:15 p.m.

Sql injection

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

CVSS: 6.5 | AI score: 9.1 | EPSS: 0.00081
Exploits: 0 | References: 4 | Affected software: 1

Cvelist
added 2020/02/14 6:02 p.m.

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

AI score: 9.2 | EPSS: 0.00022
Exploits: 0 | References: 4

CVE
added 2020/02/14 6:02 p.m.

CVE-2020-8612

CVE-2020-8612 affects Progress MOVEit Transfer: vulnerable in 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1 due to a REST API endpoint that does not adequately sanitize malicious input, enabling an authenticated attacker to execute arbitrary code in a user’s browser (XSS). Connected sources c...

CVSS: 9 | AI score: 9.1 | EPSS: 0.00022
Exploits: 0 | References: 4 | Affected software: 2

CVE
added 2020/02/14 5:59 p.m.

CVE-2020-8611

CVE-2020-8611 reports multiple SQL injection vulnerabilities in the REST API of MOVEit Transfer (versions 2019.1 prior to 2019.1.4 and 2019.2 prior to 2019.2.1). An authenticated attacker could gain unauthorized access to MOVEit Transfer’s database via the REST API, and depending on the database ...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.00081
Exploits: 0 | References: 4 | Affected software: 2

Cvelist
added 2020/02/14 5:59 p.m.

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

AI score: 9.2 | EPSS: 0.00081
Exploits: 0 | References: 4

NVD
added 2020/02/05 9:15 p.m.

CVE-2020-6854

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00313
Exploits: 0 | References: 1

Prion
added 2020/02/05 9:15 p.m.

Cross site scripting

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00313
Exploits: 0 | References: 1 | Affected software: 1

CVE
added 2020/02/05 8:22 p.m.

CVE-2020-6854

Connected documents confirm a cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler, affecting versions 1.11 and 1.13.2. The root cause is input handling that allows JSON properties served by the REST API to be interpreted as executable client-side script ...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00313
Exploits: 0 | References: 1 | Affected software: 1

Cvelist
added 2020/02/05 8:22 p.m.

CVE-2020-6854

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API...

AI score: 5.3 | EPSS: 0.00313
Exploits: 0 | References: 1
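The MOVEit Transfer entries (a REST API endpoint that does not adequately sanitize input, so script runs in a victim's browser) and the SOS JobScheduler JOC Cockpit entries (script or HTML injected via JSON properties served by the REST API) describe the same pattern: a value the API returns as JSON is dropped unescaped into page markup by the client. The following is an added example, not code from MOVEit Transfer, JOC Cockpit or the Vulners entries; the jobs API shape, the job names and the function names are constructed for illustration.

```javascript
// Added example (not code from MOVEit Transfer or SOS JobScheduler):
// a REST API returns JSON, and the client renders one of its properties into
// HTML. Interpolating the raw value into markup is the defect behind
// "XSS via JSON properties available from the REST API"; escaping each
// value for the HTML text context is the fix.

// Constructed sample API response. The second job name is attacker-controlled
// data that was stored through the API and is now returned to every viewer.
const sampleApiResponse = {
  jobs: [
    { name: 'nightly-backup', state: 'running' },
    { name: '<img src=x onerror="alert(document.cookie)">', state: 'failed' },
  ],
};

// Minimal HTML escaper for text nodes and double-quoted attribute values.
// (JavaScript or URL contexts need their own encoders; this is text context only.)
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable rendering: the JSON property goes into the markup untouched.
function renderJobsUnsafe(response) {
  return response.jobs
    .map((job) => `<tr><td>${job.name}</td><td>${job.state}</td></tr>`)
    .join('\n');
}

// Hardened rendering: every interpolated value is escaped for its HTML context.
function renderJobsSafe(response) {
  return response.jobs
    .map((job) => `<tr><td>${escapeHtml(job.name)}</td><td>${escapeHtml(job.state)}</td></tr>`)
    .join('\n');
}

// Regression check for a client-side test: the rendered table may contain only
// the tags the template itself emits (tr, td); any other tag came from data.
function containsInjectedMarkup(html) {
  return /<(?!\/?(tr|td)\b)[a-z]/i.test(html);
}

console.log('vulnerable:\n' + renderJobsUnsafe(sampleApiResponse));
console.log('hardened:\n' + renderJobsSafe(sampleApiResponse));
```

Run with node. The unsafe renderer emits the injected img tag as live markup, so the onerror handler fires in any browser that displays the job list; the safe renderer turns it into visible text. containsInjectedMarkup is the assertion to keep in the client's test suite so that a change reintroducing raw interpolation fails before release.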
exploitpack
added 2020/02/05 12:00 a.m.

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)

Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC
Discovery Date: 2019-01-31
Exploit Author: Nolan B. Kennedy (nxkennedy)
Vendor Homepage: https://www.verodin.com/...

CVSS: 4 | AI score: 0.3 | EPSS: 0.06568
Exploits: 5

0day.today
added 2020/02/05 12:00 a.m.

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure Exploit

Exploit for jsp platform in category web applications
Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC
Discovery Date: 2019-01-31
Exploit Author: Nolan B. Kennedy (nxkennedy)
Vendor Homepage: https://www.verodin.com/
Software Link: ...

CVSS: 4 | AI score: 7.7 | EPSS: 0.06568
Exploits: 5

Packet Storm
added 2020/02/05 12:00 a.m.

Verodin Director Web Console 3.5.4.0 Password Disclosure

Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC
Discovery Date: 2019-01-31
Exploit Author: Nolan B. Kennedy (nxkennedy)
Vendor Homepage: https://www.verodin.com/
Software Link: https://www.verodin.com/demo-request/demo-request-form
Tested Versions...

CVSS: 4 | EPSS: 0.06568
Exploits: 5

RedhatCVE
added 2020/01/31 8:39 p.m.

CVE-2020-2105

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...

CVSS: 5.4 | AI score: 3.1 | EPSS: 0.00345
Exploits: 0 | References: 3

OSV
added 2020/01/29 4:15 p.m.

CVE-2020-2105

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...

CVSS: 5.4 | AI score: 6.6
Exploits: 0 | References: 6

Cvelist
added 2020/01/29 3:15 p.m.

CVE-2020-2105

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...

AI score: 5.8 | EPSS: 0.00345
Exploits: 0 | References: 6

CVE
added 2020/01/29 3:15 p.m.

CVE-2020-2105

CVE-2020-2105 concerns Jenkins REST API endpoints being vulnerable to clickjacking because responses lacked an X-Frame-Options header, in versions up to 2.218 (and LTS up to 2.204.1). The root cause is that REST API responses were not served with a header denying framing, enabling an attacker to embed endpoints in an iframe and tr...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00345
Exploits: 0 | References: 6 | Affected software: 1
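The Jenkins entries above state the mechanism plainly: REST API responses served without an X-Frame-Options header can be loaded inside an attacker's frame. The check below is an added example, not Jenkins code: it classifies a response's headers as protected or unprotected (a Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options where both are present) and produces the hardened header set. The sample header object and the function names are constructed for illustration.

```javascript
// Added example (not Jenkins code): audit and fix framing protection on
// REST API responses, the class of weakness behind the Jenkins clickjacking entry.

// Parse a Content-Security-Policy header value into a directive -> sources map.
function parseCsp(value) {
  const directives = {};
  for (const part of String(value).split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources.map((s) => s.toLowerCase());
  }
  return directives;
}

// Decide whether a response's headers stop it from being framed by an
// attacker-controlled origin. Headers are a lowercase-keyed object, the shape
// Node's http.IncomingMessage.headers uses.
function assessFraming(headers) {
  const csp = headers['content-security-policy'];
  if (csp) {
    const fa = parseCsp(csp)['frame-ancestors'];
    if (fa) {
      // 'none', 'self' or a named origin restricts framing; '*' or a bare
      // scheme source such as https: lets any site frame the response.
      const allowsAny = fa.some((s) => s === '*' || /^https?:$/.test(s));
      return allowsAny ? 'unprotected' : 'protected';
    }
  }
  // No CSP frame-ancestors: fall back to the legacy header.
  const xfo = String(headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return 'protected';
  return 'unprotected';
}

// Hardening: return a copy of the headers with both defenses set, keeping any
// existing CSP directives and only appending frame-ancestors when absent.
function withFramingProtection(headers) {
  const out = { ...headers };
  out['x-frame-options'] = 'DENY';
  const existing = out['content-security-policy'];
  if (!existing) {
    out['content-security-policy'] = "frame-ancestors 'none'";
  } else if (!('frame-ancestors' in parseCsp(existing))) {
    out['content-security-policy'] = existing.replace(/;?\s*$/, "; frame-ancestors 'none'");
  }
  return out;
}

// Constructed sample: a JSON API response served with no framing header at all,
// which is the vulnerable state the entry describes.
const apiResponseHeaders = {
  'content-type': 'application/json;charset=utf-8',
  'cache-control': 'no-cache,no-store,must-revalidate',
};

console.log('before:', assessFraming(apiResponseHeaders));
console.log('after: ', assessFraming(withFramingProtection(apiResponseHeaders)));
```

assessFraming can be pointed at the headers of each API route in a test or at the output of a crawl of an instance; any 'unprotected' result on a state-changing or data-returning endpoint is the finding. Setting both headers matters in practice: older browsers honour only X-Frame-Options, while current ones prefer frame-ancestors and ignore X-Frame-Options when the CSP directive is present, so a permissive frame-ancestors silently cancels a DENY.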
Veracode
added 2020/01/09 6:53 a.m.

Authorization Bypass

WordPress is vulnerable to authorization bypass: a user without the publish_posts capability is able to mark or unmark posts as sticky via the REST API...

AI score: 3.7
Exploits: 0 | References: 4 | Affected software: 1

Cisco
added 2020/01/08 4:00 p.m.

Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerabili...

CVSS: 6.5 | AI score: 1.5 | EPSS: 0.00247
Exploits: 0 | References: 1