Cisco Elastic Services Controller REST API Authentication Bypass (CVE-2019-1867)

An authentication bypass vulnerability exists in the REST API of Cisco Elastic Services Controller. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with administrative privileges on the target machine...

Exploit for Path Traversal in Wordpress

CodePath Week 7-8 CodePath Assignment for Weeks 7 & 8: CVE...

Authorization Bypass

magento/community-edition is vulnerable to authorization bypass. The vulnerability exists as a user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information...

Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Wiki page How to use I...

TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities

TeamPass is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Moderate: Red Hat Security Advisory: spice-gtk security and bug fix update

An update for spice-gtk, libgovirt, spice-vdagent, and virt-viewer is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

CVE-2019-7950

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

CVE-2019-7950

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

Improper access control

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

CVE-2019-7950

CVE-2019-7950 affects Magento 2.x before specific patch levels: 2.1 &lt; 2.1.18, 2.2 &lt; 2.2.9, and 2.3

Design/Logic Flaw

Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...

CVE-2019-14277

CVE-2019-14277 affects Axway SecureTransport 5.x (through 5.3; and 5.x through 5.5 with certain API configuration). The issue is unauthenticated blind XML injection (and XXE) in the REST API resetPassword function, with potential for local file disclosure, DoS, or URI invocation attacks (SSRF) th...

CVE-2019-14277

Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...

Axway SecureTransport 5 XML Injection

| | | | | / \ '/ \ | |/ | | / / / | | || | | | /|| |/|| https://zero.lol zero days 4 days ATTENTION: this is a friendly neighborhood zeroday drop Title: Axway SecureTransport 5 Unauthenticated XML Injection / XXE Google Dork: intitle:"Axway SecureTransport" "Login" Date: July 20th 2019 Author:...

Axway SecureTransport 5 - Unauthenticated XML Injection Vulnerability

Exploit for linux platform in category web applications Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

Authentication flaw

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

CVE-2019-1917

Cisco Vision Dynamic Signage Director contains a REST API authentication bypass. A remote, unauthenticated attacker can craft HTTP requests to the REST API, due to insufficient validation, to bypass authentication and perform arbitrary actions with administrative privileges. The REST API is enabl...

CVE-2019-1917 Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

CVE-2019-1917 Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...