Atlassian Confluence 5.2 / 5.8.14 / 5.8.15 - Multiple Vulnerabilities
Exploit for PHP platform in category web applications. Systems Affected: Product: Confluence; Company: Atlassian; Versions 1: 5.2 / 5.8.14 / 5.8.15; CVSS Score 1: 6.1 / Medium (classified by vendor); Versions 2: 5.9.1 / 5.8.14 / 5.8.15; CVSS Score 2: 7.7 / High (classified by vendor). Product Descripti...
Ubiquiti Inc.: Reflected File Download in community.ubnt.com/restapi/
Hello, https://community.ubnt.com/restapi/vc/authentication/sessions/Ubiquitiupdate.cmd?restapi.responseformat=json&callback=%22||calc|| The above URL is vulnerable to RFD. Here is the proof of concept: Browser Chrome: Embedded the above URL in html 5 anchor tags with download attribute: Download...
CVE-2015-7452
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API...
Code injection
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API...
CVE-2015-7452
IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...
Design/Logic Flaw
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified...
Secure Data Space 3.1.1-2 Cross Site Scripting
secunet Security Networks AG Security Advisory. Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities. 1. DETAILS: Product: SECURE DATA SPACE; Vendor URL: www.ssp-europe.eu; Type: Cross-site...
A Quick Glance at Modern Browsers' Protection Part #1
tl;dr: in this blog post we are going to give a look at modern browsers' protection with some hands-on examples available at and deployed on Heroku. This blog post is NOT about Same-origin policy. Introduction: In this blog post we are going to give a look at modern browsers' protection. More...
It is possible to access the list of patches in a review and their content by unprivileged users
We've discovered and fixed a security issue, where the attacker could, using the REST API: access the list of patches in a review (their filename, database id, upload date and anchor details) without authentication; access the patch content for any review as long as he had view access to any other...
Cisco Videoscape Distribution Suite Service Manager REST API Information Disclosure Vulnerability
No description provided by source...
CVE-2015-6364
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960...
Design/Logic Flaw
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960...
CVE-2015-6364
Cisco Videoscape Distribution Suite Service Manager REST API Information Disclosure (CVE-2015-6364) affects Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager. The root cause is improper validation of HTTP requests to the REST API, allowing an unau...
Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability
A vulnerability in the Representational State Transfer (REST) Application Programming Interface (API) that is used by Cisco Videoscape Distribution Suite Service Manager could allow an unauthenticated, remote attacker to cause an affected device to disclose sensitive information. The vulnerability is...
REST API XSS
An unauthenticated XSS vulnerability has been confirmed in Confluence 5.8.15 and 5.8.14. The vulnerability is located at /rest/prototype/1/session/check/something. POC URL: http:///confpath/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E This was confirmed in t...
CVE-2015-4929
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...
Cross site request forgery (csrf)
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...