
4929 matches found

Exploit DB
added 2017/05/03 12:0 a.m. | 51 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure

#!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

7.4 AI score
Exploits: 0
n0where
added 2017/04/20 5:40 p.m. | 29 views

Mozilla InvestiGator: MIG

Mozilla InvestiGator Mozilla’s real-time digital forensics and investigation platform MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents...

0.1 AI score
Exploits: 0 | References: 3
Atlassian
added 2017/04/20 3:45 p.m. | 26 views

REST API attachment request still works with wrong/expired cookie

h3. Summary If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code. h3. Environment JIRA v1000.892.2 h3. Steps to Reproduce Use Cookie Based Authentication using a wrong/expired cookie Perform a RE...

0.2 AI score
Exploits: 0 | Affected Software: 1
ripstech
added 2017/04/18 12:0 p.m. | 25 views

What's new in RIPS 2.0.0?

The new release RIPS 2.0.0 includes the following major changes: A complete new interface with optimized performance demo.ripstech.com A new extensive REST API for full feature automation api.ripstech.com Team and user privilege management Application-specific analysis profiles More detailed code...

7.3 AI score
Exploits: 0
Citrix
added 2017/04/17 12:0 a.m. | 6 views

XenMobile Rest API

XenMobile provides an extensive REST API that can be leveraged to extract data and provide it for business needs. This feature provides customers with the facility of calling XenMobile services using REST API. Instead of using XenMobile console, customers can call exposed services by using any RE...

7.1 AI score
Exploits: 0
Hacker One
added 2017/04/10 3:28 p.m. | 5 views

Rocket.Chat: XSS via /api/v1/chat.postMessage

The victim could craft a custom message using the REST API that, once seen by the observer, executed arbitrary code in the context of the client user. The vulnerability was present in the attachment fields, where the first field's value could be used to inject HTML tags...

7.2 AI score
Exploits: 0
Information Security Automation
added 2017/04/03 3:11 p.m. | 19 views

Making Splunk searches using REST API

When you have already learned how to make search requests in Splunk GUI, it may be nice to figure out how to do the same from your own scripts using the Splunk REST API. It's really easy! Ok, we have a Splunk SIEM account: user="user" pass="Password123" And we want to execute this search request:...

7.2 AI score
Exploits: 0
NVD
added 2017/04/03 1:59 a.m. | 26 views

CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5 CVSS | 7.9 AI score | 0.78934 EPSS
Exploits: 0 | References: 9
OSV
added 2017/04/03 1:59 a.m. | 24 views

CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5 CVSS | 6.8 AI score
Exploits: 0 | References: 9
UbuntuCve
added 2017/04/03 1:59 a.m. | 56 views

CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5 CVSS | 7.2 AI score | 0.78934 EPSS
Exploits: 0 | References: 8
Prion
added 2017/04/03 1:59 a.m. | 23 views

Integer overflow

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

5 CVSS | 7.4 AI score | 0.78934 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2017/04/03 1:59 a.m. | 1 views

DEBIAN-CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5 CVSS | 7.1 AI score | 0.78934 EPSS
Exploits: 0 | References: 1
CVE
added 2017/04/03 1:0 a.m. | 204 views

CVE-2017-1001000

WordPress CVE-2017-1001000 affects WordPress 4.7.x before 4.7.2 in the REST API: REST endpoints wp-json/wp/v2/posts can be accessed with an integer segment followed by a non‑numeric value, enabling remote modification of arbitrary pages. Root cause: lack of validation for an integer identifier in...

7.5 CVSS | 8.3 AI score | 0.78934 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
Cvelist
added 2017/04/03 1:0 a.m. | 19 views

CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

8.4 AI score | 0.78934 EPSS
Exploits: 0 | References: 9
Debian CVE
added 2017/04/03 1:0 a.m. | 37 views

CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

7.5 CVSS | 5.9 AI score | 0.78934 EPSS
Exploits: 0
NVD
added 2017/03/30 2:59 p.m. | 15 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...

4.9 CVSS | 5.2 AI score | 0.00319 EPSS
Exploits: 0 | References: 3
Cvelist
added 2017/03/30 2:0 p.m. | 22 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...

5.1 AI score | 0.00319 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2017/03/30 2:0 p.m. | 12 views

CVE-2016-7542

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...

7.1 AI score | 0.00319 EPSS
Exploits: 0 | References: 3
CVE
added 2017/03/30 2:0 p.m. | 53 views

CVE-2016-7542

CVE-2016-7542 affects Fortinet FortiOS. A read-only administrator on FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA can access read-write administrator password hashes stored on the appliance via the webUI REST API, enabling potential password cracking of non-super-admins. Public refere...

4.9 CVSS | 5.1 AI score | 0.00319 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
ThreatPost
added 2017/03/14 11:43 a.m. | 9 views

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched WordPress REST API Endpoint vulnerability is the gift that keeps on giving. Already responsible for more than one million website defacements and attempts to monetize some of those attacks, the flaw also opens the door to a separate attack. Researchers at Sucuri who found the...

5.9 AI score
Exploits: 0 | References: 4