4929 matches found
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
Design/Logic Flaw
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
CVE-2016-0349
CVE-2016-0349 affects IBM Business Process Manager versions 8.5.6–8.5.6.2 and 8.5.7 before 8.5.7.CF201606. The issue is an incorrect authorization check that allows remote authenticated users to bypass access controls and update process-instance variables via a REST API call. Impact is restricted...
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 XSS / Code Execution
Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities. Affected versions: SteelCentral NetProfiler = 10.8.7 & SteelCentral NetExpress...
Riverbed SteelCentral NetProfiler NetExpress 10.8.7 - Multiple Vulnerabilities
Riverbed SteelCentral NetProfiler NetExpress 10.8.7 - Multiple Vulnerabilities. Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities...
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
Exploit for php platform in category web applications. Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities. Affected versions: SteelCentral NetProfiler = 10.8.7 & SteelCentral NetExpress = 10.8.7. PDF:...
Jetpack <= 4.0.3 - Multiple Vulnerabilities
Jetpack 4.0.4 fixes 3 security bugs: private feedback form entries were made available publicly via the REST API; Post By Email settings could be changed; the Likes module was vulnerable to XSS...
Graylog Detection (REST API)
HTTP based detection of the Graylog REST API endpoint. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you ca...
XenAPI For XenForo 1.4.1 SQL Injection
RCE Security Advisory (https://www.rcesecurity.com). 1. ADVISORY INFORMATION. Product: XenAPI for XenForo; Vendor URL: github.com/Contex/XenAPI; Type: SQL Injection (CWE-89); Date found: 2016-05-20; Date published: 2016-05-23; CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); CVE...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
Exploit for php platform in category web applications. 1. ADVISORY INFORMATION. Product: XenAPI for XenForo; Vendor URL: github.com/Contex/XenAPI; Type: SQL Injection (CWE-89); Date found: 2016-05-20; Date published: 2016-05-23; CVSSv3 Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
RHEL 6 / 7 : ruby193-rubygem-katello (RHSA-2016:1083)
An update for ruby193-rubygem-katello is now available for Red Hat Satellite 6.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2016-3072
An input sanitization flaw was found in the scoped search parameters sortby and sortorder in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database...
CVE-2015-5167
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
Design/Logic Flaw
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
CVE-2015-5167
The CVE-2015-5167 entry concerns Apache Ranger’s Policy Admin Tool. The vulnerability allows remote authenticated users to bypass intended access restrictions via the REST API in Ranger versions prior to 0.5.1. Affected component: Policy Admin Tool; root cause described as an access-control bypas...
CVE-2015-5167
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
CVE-2016-2171
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...
Design/Logic Flaw
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...