CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

Design/Logic Flaw

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

CVE-2016-10524

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of...

Google Patches reCAPTCHA Bypass

Google has fixed a bypass for its reCAPTCHA authentication mechanism – the Turing test-based methodology for proving that website users aren’t robots, commonly spotted on log-in pages online. The news comes as Google releases a new version of reCAPTCHA in beta. Google has been working on refining...

Cross site request forgery (csrf)

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

CVE-2018-10732

Dataiku DSS REST API (affected product: Dataiku DSS) prior to version 4.2.3 is affected. The vulnerability arises from profile pictures visibility in the REST API, enabling remote attackers to determine whether a username is valid (information disclosure). The root cause is insufficient access co...

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

Any user able to manage space watcher using REST API

h3. Summary Any Confluence user is able to manage Space Watcher by using REST API h3. Steps to Reproduce Create a user that belongs to the "confluence-users" group example: user1 Using an Adminstrator user, create a new space and restrict the space to the administrator user As the normal user...

Burpa - A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration. Requirements burp-rest-api Burp Suite Professional slackclient Usage $ python burpa.py -h / / / / / / / / / / / // / // / / / // / // / /./,// / ./,/ // burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...

Archerysec - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynami...

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user- supplied input to the 'id' parameter when editing or deleting blog posts. An...

LocalTapiola: Wordpress Users Disclosure (/wp-json/wp/v2/users/)

Information Using REST API, we can see all the WordPress users/author with some of their information. Step TO Reproduce You can get user info by entering below url in your browser: https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/users/ Result javascript "id": 1, "name": "LTR", "url": "",...

Imperva Python SDK – We’re All Consenting SecOps Here

Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

Input validation

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

The CVE-2018-0245 issue affects Cisco 5500 and 8500 Series Wireless LAN Controllers, where the REST API supports requests that may expose sensitive system information. Root cause: incomplete input validation in REST URL handling, enabling an unauthenticated, remote attacker to view system informa...