CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
CVE-2017-1000226
The CVE-2017-1000226 entry concerns WordPress Stop User Enumeration plugin version 1.3.8. The available connected data indicate a vulnerability that allows user enumeration via the REST API. The issue is described consistently across sources as stemming from the REST interface exposing username i...
PT-2017-10922
Name of the Vulnerable Software and Affected Versions: Stop User Enumeration version 1.3.8. Description: The issue allows user enumeration via the REST API. Recommendations: For version 1.3.8, consider disabling the REST API until a patch is available to prevent user enumeration...
Tuleap 9.6 Second-Order PHP Object Injection
This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...
Remote code execution
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
CVE-2017-7411
Summary (CVE-2017-7411): Enalean Tuleap ≤ 9.6 is vulnerable due to User::getRecentElements() using unserialize() with data manipulable via the REST API, enabling injection of arbitrary PHP objects into the app scope and potential Remote Code Execution. Public material describes a second-order PHP...
Access Bypass
Drupal is vulnerable to access bypass. Malicious users are able to leverage the REST API to post approved comments regardless of their permission level. This only affects applications which have the RESTful web services enabled...
GHSA-F7P5-W2CR-7CP7 Puppet Improper Input Validation vulnerability
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
Puppet Improper Input Validation vulnerability
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
Unauthenticated Remote Code Execution Vulnerability
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
Tuleap < 9.7 Object Injection Vulnerability
Tuleap is prone to an object injection vulnerability.
CVE-2017-12287
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a...
Unspecified Vulnerability in Oracle Hospitality Hotel Mobile
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management and provides customer service throughout the journey tracking management to improve customer...
WebBreaker - Dynamic Application Security Test Orchestration (DASTO)
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
CVE-2017-14868
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
CVE-2017-1000106
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...