4929 matches found
CVE-2018-0195
Cisco IOS XE Software REST API contains an authorization bypass vulnerability that allows an authenticated, remote attacker to bypass REST API authorization and perform privileged actions on the device. The issue arises from insufficient authorization checks for REST API requests. Affected produc...
CVE-2018-0195
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...
Cisco IOS XE Software REST API Authorization Bypass Vulnerability
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to t...
Etcd REST API Unauthorized Access Vulnerability
etcd is an open source distributed key-value store database. It provides a reliable way to store data across clusters of machines. By default it returns administrative credentials for queries without authentication. An unauthorized access vulnerability exists in the Etcd REST API. An attacker cou...
Open Source Vulnerability Assessment and Management: Archery
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scaning for web application and network. It also performs web application dynamic...
CVE-2017-8013
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...
Distributed YARA Malware Scanning System: KLara project
Klara project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara . In order to hunt efficiently for malware, one needs a large collection of samples to search over. Researchers usually need to fire a Yara rule over a collection / set of malicious files and then ge...
GitStack Unauthenticated REST API Requests
This modules exploits unauthenticated REST API requests in GitStack through v2.3.10. The module supports requests for listing users of the application and listing available repositories. Additionally, the module can create a user and add the user to the application's repositories. This module has...
CVE-2018-7272
ForgeRock AM before 5.5.0 exposes SSOToken IDs in REST API URLs, allowing attackers with access to logs to extract sensitive information. The root cause is including SSOToken identifiers in URLs, which can be retrieved from log files and reveal token values. Impact is limited to information discl...
CVE-2018-7272
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary accounts creation. This module requires Metasploit:...
Design/Logic Flaw
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and...
CVE-2017-1000411
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and...
Kenna Security: Analyzing Vulnerability Scan data
I've been following Kenna Security before 2015 Risk I/O for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...
Confluence REST API for reading and updating wiki pages
In previous posts I wrote how to automate the work with Atlassian Jira, including automated ticket labeling. Now let's try to use REST API of another popular Atlassian product - Confluence wiki engine. What you may want to automate in Confluence? Obviously, it may be useful to read the pages that...
Grab: Unrestricted access to Eureka server on ββββββ
Hi Grab Security Team, First of all, best wishes for 2018, empty of bugs if possible ;- Summary: I found that the following endpoint is hosting Netflix Eureka Server βββββ and that even if some URLs are requiring authentication 401 code for some of thems like /metrics for example, it is still...
Archery - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scaning for web application and network. It also performs web application dynamic...
Avatar Rest API URL return avatar uploaded by user
h3. Summary When the user run REST API URL https://jira.atlassian.com/rest/api/latest/user/avatars?username="username"|https://jira.atlassian.com/rest/api/latest/user/avatars?username=%22username%22 the result will include system avatar and avatar uploaded by that user. For example,...
Tuleap 9.6 Second-Order PHP Object Injection Exploit
This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to...
Tuleap 9.6 Second-Order PHP Object Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...