CVE-2019-20329
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000...
Code injection
OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000...
Cisco Data Center Network Manager getZoneListByZoneNameAndParentId SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
BuddyPress 5.0.0 - 5.1.1 - Private Data Exposure via REST API
Certain REST API requests could result in the exposure of private data...
CVE-2019-20329
OpenLambda (release 2019-09-10) contains a DNS rebinding vulnerability affecting the OL server hosting the REST API on TCP port 5000. The issue enables potential DNS rebinding attacks against the server as described in multiple sources linked to CVE-2019-20329. The concrete impact and available f...
CVE-2010-3782
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation...
Information disclosure
obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST API implementation...
CVE-2010-3782
CVE-2010-3782 affects obs-server prior to 1.7.7, where a bug in the REST API implementation allows login by 'unconfirmed' accounts. This exposes unauthorized access through the authentication flow. The practical impact is limited to systems running affected obs-server versions and relying on unco...
Cisco Data Center Network Manager Command Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about...
Cisco Data Center Network Manager SQL Injection Vulnerabilities
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
Exploit for SQL Injection in Redmine
CVE-2019-18890 CVE-2019-18890 POC Proof of Concept REDMINE...
CVE-2013-0196
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...
Cross-site request forgery (CSRF)
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...
CVE-2013-0196
OpenShift Enterprise 1.2 is affected by a CSRF vulnerability where the web console uses Basic authentication and the REST API lacks CSRF protection, potentially exposing credentials and Authorization headers when browsers request the API. Affected component: OpenShift Enterprise 1.2 web console/R...
Authorization Bypass
WordPress is vulnerable to authorization bypass. The vulnerability exists through a missing access control check in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php, allowing an unauthenticated user to post a sticky post through the REST API...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome...