4929 matches found
oBike Electronic Lock Bypass
CVE-2018-16242 - oBike Electronic Lock Bypass Product: oBike bicycle-sharing service Vendor: oBike Inc. CVE ID: CVE-2018-16242 Subject: Access control bypass by replay attack on predictable nonce Effect: Unauthorized unlocking of bikes, cirumventing the ride-fees Author: Antoine Neuenschwander...
Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
Couchbase Server Remote Code Execution Vulnerability
Couchbase Server allows for authenticated users to send arbitrary erlang code to diag/eval. Couchbase Server Remote Code Execution Vulnerability Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary...
Couchbase Server Remote Code Execution
Hey, Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary Erlang code to 'diag/eval' endpoint of the API. The code will be subsequently executed in the underlying operating system with privileges of t...
Pimcore SQL Injection Vulnerability
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in the RES...
Sql injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API...
CVE-2018-14058
Pimcore before 5.3.0 allows SQL Injection via the REST web service API...
CVE-2018-14058
Pimcore before 5.3.0 allows SQL Injection via the REST web service API...
CVE-2018-14058
Pimcore before 5.3.0 allows SQL Injection via the REST web service API...
SQL Injection
pimcore/pimcore is vulnerable to SQL Injection attacks. The library does not sanitize API endpoints properly, allowing a malicious user to inject and execute arbitrary SQL queries through the REST web service API...
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-14058,...
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-14058,...
Pimcore 5.2.3 CSRF / Cross Site Scripting / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-14058,...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Authentication flaw
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
CVE-2018-11770
CVE-2018-11770 affects Apache Spark 1.3.0+ where the standalone master exposes a REST API for job submission that bypasses the configured spark.authenticate.secret. The REST API does not require authentication and, per multiple sources, could allow a user to run a driver program without authentic...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Xxe
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...