4930 matches found

Cisco
added 2019/07/17 4:0 p.m. | 124 views

Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

CVSS 9.1 | AI score 1.9 | EPSS 0.11109
Exploits: 0 | References: 1
Tenable Nessus
added 2019/07/12 12:0 a.m. | 35 views

Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

According to its self-reported version, Cisco Application Policy Infrastructure Controller APIC is affected by a privilege escalation vulnerability in the REST API. An authenticated, remote attacker could exploit this, via a malicious software upload using the REST API, to gain root access to the...

CVSS 9 | AI score 7.3 | EPSS 0.00912
Exploits: 0 | References: 3
OSV
added 2019/07/04 8:15 p.m. | 1 views

CVE-2019-1889

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 7.2 | AI score 7.1
Exploits: 0 | References: 1
NVD
added 2019/07/04 8:15 p.m. | 11 views

CVE-2019-1889

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 9 | AI score 7.2 | EPSS 0.00912
Exploits: 0 | References: 1
Prion
added 2019/07/04 8:15 p.m. | 11 views

Input validation

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 9 | AI score 7.2 | EPSS 0.00912
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/07/04 7:55 p.m. | 18 views

CVE-2019-1889 Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 7.2 | AI score 7.2 | EPSS 0.00912
Exploits: 0 | References: 1
CVE
added 2019/07/04 7:55 p.m. | 90 views

CVE-2019-1889

Cisco APIC REST API Privilege Escalation (CVE-2019-1889) affects Cisco Application Policy Infrastructure Controller software. The vulnerability arises from incomplete validation and error checking for the file path when specific software is uploaded via the REST API, allowing an authenticated rem...

CVSS 9 | AI score 7.2 | EPSS 0.00912
Exploits: 0 | References: 1 | Affected Software: 1
Cisco
added 2019/07/03 4:0 p.m. | 102 views

Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller APIC Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

CVSS 7.2 | AI score 7.2 | EPSS 0.00912
Exploits: 0 | References: 1
Hacker One
added 2019/06/30 11:9 p.m. | 46 views

GitLab: Private System Note Disclosure using GraphQL

Summary: When you use the REST API or UI to view an issue's discussion/notes, private system note is hidden to members only. Such as moving an issue to a private project, making issue as duplicate of a confidential issue, someone mentioned this issue in a confidential issue. They are properly...

CVSS 5 | AI score 0.7 | EPSS 0.00566
Exploits: 1
NVD
added 2019/06/26 7:15 p.m. | 10 views

CVE-2019-9039

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

CVSS 9.8 | AI score 9.5 | EPSS 0.00181
Exploits: 1 | References: 3
Prion
added 2019/06/26 7:15 p.m. | 9 views

Design/Logic Flaw

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

CVSS 7.5 | AI score 9.4 | EPSS 0.00181
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2019/06/26 6:55 p.m. | 12 views

CVE-2019-9039

In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway’s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters "startkey" and "endkey" on the "alldocs" endpoint. By issuing nested queri...

AI score 9.6 | EPSS 0.00181
Exploits: 1 | References: 3
CVE
added 2019/06/26 6:55 p.m. | 54 views

CVE-2019-9039

The CVE-2019-9039 issue affects Couchbase Sync Gateway 2.1.2, where an attacker with access to the public REST API could inject additional N1QL statements via the startkey/endkey parameters on the _all_docs endpoint. The underlying vulnerability is a N1QL injection that could disclose sensitive d...

CVSS 9.8 | AI score 9.5 | EPSS 0.00181
Exploits: 1 | References: 3 | Affected Software: 1
Friends Of PHP
added 2019/06/25 12:0 a.m. | 11 views

PRODSECBUG-2429: Insecure object reference via customer REST API

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 7.5 | AI score 7.2 | EPSS 0.00391
Exploits: 0 | Affected Software: 1
Hacker One
added 2019/06/22 12:4 a.m. | 61 views

Nextcloud: Wordpress Users Disclosure

Information: Using REST API, we can see all the WordPress users/author with some of their information. Step to Reproduce: You can get user info by entering below url in your browser: https://nextcloud.com/wp-json/wp/v2/users Reference: 356047 Impact: Authors : LTR , LTREditor can be created scenario...

AI score 1.2
Exploits: 0
Prion
added 2019/06/14 3:29 p.m. | 18 views

Design/Logic Flaw

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159...

CVSS 2.1 | AI score 5.1 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2019/06/14 3:29 p.m. | 11 views

CVE-2019-4381

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159...

CVSS 5.9 | AI score 5.2 | EPSS 0.00049
Exploits: 0 | References: 3
CVE
added 2019/06/14 2:45 p.m. | 90 views

CVE-2019-4381

CVE-2019-4381 affects IBM i clustering (IBM i 7.x) where the REST API interfacing with the HMC via advanced node failure detection can leak HMC credentials to a local attacker. Affected releases include IBM i 7.2–7.4; IBM’s bulletin lists a base score of 5.9 (CVSSv3) with local access, high impac...

CVSS 5.9 | AI score 5.1 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/06/14 2:45 p.m. | 14 views

CVE-2019-4381

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker could exploit this vulnerability to obtain HMC credentials. IBM X-Force ID: 162159...

CVSS 5.9 | AI score 5.2 | EPSS 0.00049
Exploits: 0 | References: 3
OpenVAS
added 2019/06/14 12:0 a.m. | 30 views

WordPress Live Chat Support Plugin <= 8.0.32 Improper Authentication Validation Check Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:3cx:livechat"; if description...

CVSS 9.8 | AI score 9.7 | EPSS 0.00843
Exploits: 0 | References: 2