4929 matches found

Snyk
added 2017/09/13 10:00 p.m., 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC: Attacker puts something like this int...

CVSS 8.8, AI score 7.2, EPSS 0.00463
Exploits 0, References 2
wpexploit
added 2017/09/08 12:00 a.m., 18 views

Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)

Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...

AI score 1.1
Exploits 0, References 1
Tenable Nessus
added 2017/08/24 12:00 a.m., 56 views

Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...

CVSS 9.8, AI score 7.7, EPSS 0.0068
Exploits 0, References 5
UbuntuCve
added 2017/08/22 2:29 p.m., 24 views

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack...

CVSS 8.8, AI score 7.2, EPSS 0.00004
Exploits 0, References 3
Prion
added 2017/08/22 2:29 p.m., 10 views

Cross-site request forgery (CSRF)

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack...

CVSS 6.8, AI score 8.7, EPSS 0.00004
Exploits 0, References 2, Affected Software 1
OSV
added 2017/08/22 2:29 p.m., 0 views

DEBIAN-CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack...

CVSS 8.8, AI score 7.1, EPSS 0.00004
Exploits 0, References 1
OSV
added 2017/08/22 2:29 p.m., 5 views

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack...

CVSS 8.8, AI score 8.8
Exploits 0, References 2
CVE
added 2017/08/22 2:00 p.m., 60 views

CVE-2017-7557

CVE-2017-7557 affects dnsdist 1.1.0, where an authentication flaw in the REST API potentially enables CSRF. Evidence across multiple advisories shows this vulnerability alongside other issues (CVE-2016-7069, CVE-2018-14663) and that fixes exist in later dnsdist releases. Upgrading to at least 1.2...

CVSS 8.8, AI score 8.5, EPSS 0.00004
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2017/08/22 2:00 p.m., 11 views

CVE-2017-7557

dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack...

CVSS 8.8, AI score 8.8, EPSS 0.00004
Exploits 0
Tenable Nessus
added 2017/08/21 12:00 a.m., 38 views

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical; CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical; CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

CVSS 9.8, AI score 7.6, EPSS 0.0068
Exploits 0, References 4
ThreatPost
added 2017/08/17 3:50 p.m., 29 views

Drupal Patches Critical Access Bypass Bug

Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...

AI score 1.2, EPSS 0.0068
Exploits 0, References 10
Friends Of PHP
added 2017/08/16 5:10 p.m., 23 views

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

CVSS 7.4, AI score 7.2, EPSS 0.00464
Exploits 0, Affected Software 1
Friends Of PHP
added 2017/08/16 5:10 p.m., 27 views

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

CVSS 7.4, AI score 7.2, EPSS 0.00464
Exploits 0, Affected Software 1
FreeBSD
added 2017/08/16 12:00 a.m., 29 views

drupal -- Drupal Core - Multiple Vulnerabilities

Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical; CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical; CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...

CVSS 9.8, AI score 3, EPSS 0.0068
Exploits 0
OSV
added 2017/08/01 6:29 p.m., 2 views

CVE-2017-1500

A reflected cross-site scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web API of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

CVSS 6.1, AI score 5.9
Exploits 0, References 2
RedHat Linux
added 2017/07/27 12:00 a.m., 4 views

Moderate: Red Hat Enhancement Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.4

An update is now available for Red Hat Virtualization Manager. The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities,...

CVSS 8.8, AI score 6.6, EPSS 0.00189
Exploits 0, References 7
Patchstack
added 2017/07/26 12:00 a.m., 12 views

WordPress Stop User Enumeration plugin <=1.3.8 - REST API Bypass vulnerability

WordPress Stop User Enumeration plugin versions 1.3.8 and earlier are vulnerable to the REST API Bypass vulnerability found by DXW. Solution: Please update the WordPress Stop User Enumeration plugin to the latest available version, at least version 1.3.9...

AI score 2.7
Exploits 0, References 1, Affected Software 1
Packet Storm
added 2017/07/26 12:00 a.m., 27 views

WordPress Stop User Enumeration 1.3.8 User Enumeration

Details
Software: Stop User Enumeration
Version: 1.3.8
Homepage: https://wordpress.org/plugins/stop-user-enumeration/
Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-rest-api/
CVE: Awaiting assignment
CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N
Descripti...

AI score 7.4
Exploits 0
NVD
added 2017/07/25 6:29 p.m., 18 views

CVE-2017-8919

NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors...

CVSS 6.5, AI score 6.1, EPSS 0.00213
Exploits 0, References 2
WPVulnDB
added 2017/07/25 12:00 a.m., 14 views

Stop User Enumeration <= 1.3.8 - REST API Bypass

The Stop User Enumeration WordPress plugin was affected by a REST API Bypass security vulnerability...

AI score 2.1
Exploits 0, References 2, Affected Software 1