CVE-2018-1360

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...

Immunity Canvas: SNAPD_UID_OVERWRITE

Name| snapduidoverwrite ---|--- CVE| CVE-2019-7304 Exploit Pack| CANVAS Description| snapduidoverwrite Notes| CVE Name: CVE-2019-7304 VENDOR: snapd team NOTES: The snapd service runs as an REST API using a Unix Domain Socket, is possible to send request when the uid is 0 root, the vulnerability i...

FortiManager Unencrypted Password Vulnerability

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses...

Cross site scripting

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...

CVE-2014-1427

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...

CVE-2014-1427

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...

CVE-2014-1427

Ubuntu MAAS contains a Cross-Site Scripting vulnerability in its REST API. The issue affects MAAS versions prior to 1.9.2 and can allow an attacker to cause a logged-in user to execute commands via malicious input, due to insufficient validation in the web application. The root cause is tied to R...

CVE-2014-1427 MAAS API vulnerable to CSRF attack

A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2...

CVE-2019-0039

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...

Default configuration

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...

CVE-2019-0039

CVE-2019-0039 affects Junos OS where REST API is enabled, enabling brute-force login attempts due to a high default connection limit. Publicly documented details list affected Junos OS versions (e.g., 14.1X53 before 14.1X53-D49; 15.1 family before various 15.x builds; up to 18.3R1-S1), with remed...

CVE-2019-0039 Junos OS: Login credentials are vulnerable to brute force attacks through the REST API

If REST API is enabled, the Junos OS login credentials are vulnerable to brute force attacks. The high default connection limit of the REST API may allow an attacker to brute-force passwords using advanced scripting techniques. Additionally, administrators who do not enforce a strong password...

WordPress wp-google-maps plugin input validation error vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-google-maps plugin is a Google Maps plugin used in it. An input validation error vulnerability exists in the...

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...

Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allow you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. How to use If you have no idea what are you doing just type the command below or check out the Advance Usage ./osmedeus.py -t example.com Installation git clone...

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. Recent assessments: rootOptional at March 09, 2020 9:03pm UTC reported: This CVE is fairly obscure due to it being present in the WordPre...

WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. PoC curl -k --silent "http://example.com/index.php?restroute=3D/wpgmza/v1/markers/=3D%7B%7D&=fields=3D+from+wpusers+--+-"...

CVE-2019-3879

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges eg Basic Operations could exploit this flaw to...

CVE-2019-3879

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges eg Basic Operations could exploit this flaw to...