
4930 matches found

CVE
added 2019/12/11 2:07 p.m. | 48 views

CVE-2014-0026

CVE-2014-0026 applies to katello-headpin and is due to a CSRF vulnerability in the REST API. The issue is listed with CVSS vectors (2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N; 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) indicating network access, no confidentiality impact, partial integrity impact, a...

CVSS 6.5 | AI score 6.4 | EPSS 0.0015
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2019/12/06 12:00 a.m. | 30 views

Cisco IOS XE Software REST API Authorization Bypass (cisco-sa-20180328-rest)

According to its self-reported version, Cisco IOS XE Software is affected by an authorization bypass vulnerability in the REST API due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An authenticated, remote attacker can exploit this, by...

CVSS 8.8 | AI score 8.1 | EPSS 0.00294
Exploits: 0 | References: 3

NVD
added 2019/12/02 6:15 p.m. | 16 views

CVE-2013-4410

ReviewBoard: has an access-control problem in REST API...

CVSS 7.5 | AI score 7.5 | EPSS 0.00968
Exploits: 0 | References: 10

Prion
added 2019/12/02 6:15 p.m. | 16 views

Design/Logic Flaw

ReviewBoard: has an access-control problem in REST API...

CVSS 5 | AI score 6.8 | EPSS 0.00968
Exploits: 0 | References: 10 | Affected Software: 2

CVE
added 2019/12/02 5:36 p.m. | 56 views

CVE-2013-4410

CVE-2013-4410 affects ReviewBoard with an access-control issue in its REST API. The NVD entry records a CVSS v3.1 base score of 7.5 (Network, Low attack complexity, No privileges required, Confidentiality impact High; others none). Public references describe the flaw as an access-control problem ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00968
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2019/12/02 5:36 p.m. | 14 views

CVE-2013-4410

ReviewBoard: has an access-control problem in REST API...

AI score 7.5 | EPSS 0.00968
Exploits: 0 | References: 10

Prion
added 2019/11/26 3:15 a.m. | 21 views

Input validation

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...

CVSS 10 | AI score 9.8 | EPSS 0.02481
Exploits: 1 | References: 1 | Affected Software: 2

Cvelist
added 2019/11/26 3:11 a.m. | 20 views

CVE-2019-15958 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 9.9 | EPSS 0.02481
Exploits: 1 | References: 1

Vulnrichment
added 2019/11/26 3:11 a.m. | 15 views

CVE-2019-15958 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 8 | EPSS 0.02481
Exploits: 1 | References: 1

CVE
added 2019/11/26 3:11 a.m. | 80 views

CVE-2019-15958

CVE-2019-15958 affects Cisco Prime Infrastructure (PI) and Cisco EPNM. A REST API input-validation flaw during High Availability (HA) configuration/registration allows an unauthenticated remote attacker to upload a malicious file and execute arbitrary code with root privileges on the underlying O...

CVSS 10 | AI score 8.9 | EPSS 0.02481
Exploits: 1 | References: 1 | Affected Software: 1

BDU FSTEC
added 2019/11/25 12:00 a.m. | 2 views

The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.

The vulnerability of Modicon controller’s microprogrammed software is related to the use of the Modbus service provided by the REST API. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVSS 7.8 | AI score 7.3 | EPSS 0.00322
Exploits: 0 | References: 4

Tenable Nessus
added 2019/11/25 12:00 a.m. | 41 views

Fedora 30 : rsyslog (2019-1fb95ae48d)

rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input takes output of specified binary as log source. Note that Tenable Network Security has...

CVSS 9.8 | AI score 7.2 | EPSS 0.01796
Exploits: 0 | References: 4

Tenable Nessus
added 2019/11/22 12:00 a.m. | 31 views

Fedora 31 : rsyslog (2019-ea7d5876a4)

rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input takes output of specified binary as log source. Note that Tenable Network Security has...

CVSS 9.8 | AI score 7.2 | EPSS 0.01796
Exploits: 0 | References: 4

Packet Storm
added 2019/11/12 12:00 a.m. | 117 views

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...

CVSS 9 | AI score 8.7 | EPSS 0.93854
Exploits: 10

0day.today
added 2019/11/12 12:00 a.m. | 221 views

Atlassian Confluence 6.15.1 - Directory Traversal Exploit

Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...

AI score 7.1 | EPSS 0.93854
Exploits: 10

Exploit DB
added 2019/11/12 12:00 a.m. | 307 views

Atlassian Confluence 6.15.1 - Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows 7...

CVSS 9 | AI score 9 | EPSS 0.93854
Exploits: 10

Exploit DB
added 2019/11/12 12:00 a.m. | 223 views

Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...

CVSS 9 | AI score 9 | EPSS 0.93854
Exploits: 10

Cisco
added 2019/11/06 4:00 p.m. | 64 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability exists because affected devices...

CVSS 9.8 | AI score 2.5 | EPSS 0.02481
Exploits: 1 | References: 1

NVD
added 2019/10/31 5:15 p.m. | 11 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

CVSS 9.8 | AI score 10 | EPSS 0.00104
Exploits: 0 | References: 4

Prion
added 2019/10/31 5:15 p.m. | 10 views

SQL injection

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

CVSS 7.5 | AI score 9.9 | EPSS 0.00104
Exploits: 0 | References: 4 | Affected Software: 1