
4929 matches found

WPVulnDB
added 2014/06/26 12:00 a.m., 7 views

JSON REST API 1.1 - JSONP SOP Bypass

The json-rest-api WordPress plugin was affected by a JSONP SOP Bypass security vulnerability...

AI score: 1.8
Exploits: 0, References: 2, Affected software: 1
Patchstack
added 2014/06/26 12:00 a.m., 9 views

WordPress WP REST API Plugin <= 1.1 - JSONP SOP Bypass

Because of this vulnerability, it is possible to serve up arbitrary Flash SWF files from the API. These Flash files bypass browser cross-origin domain policies. Solution: upgrade the plugin...

AI score: 2.9
Exploits: 0, References: 1, Affected software: 1
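The two entries above describe the same bug class: a JSONP endpoint copies the caller-supplied callback name to the very start of the response body, so a purely alphanumeric callback beginning with "CWS" turns the API response into a byte stream that Flash Player accepts as a compressed SWF, and that SWF then runs with the API's origin. The following is an added example in Python, not code from the json-rest-api / WP REST API plugin (which is PHP); it shows the vulnerable reflection beside a hardened version. Validating the callback as an identifier is worth doing, but it does not stop this attack on its own, because the payload is alphanumeric; what does stop it is making sure the body can never begin with the SWF magic bytes. The callback string, the sample payload and the function names are constructed for the example.

```python
import json
import re

# A JavaScript identifier, optionally dotted ("jQuery.cb123"); nothing else is accepted.
CALLBACK_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*")

# SWF container magic: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")


def reflect_unsafe(callback, data):
    """The vulnerable shape: the callback name is emitted verbatim as the first
    bytes of the body, so the caller controls how the response begins."""
    return callback + "(" + json.dumps(data) + ");"


def valid_callback(name, max_len=128):
    """Reject anything that is not a plain (dotted) identifier of sane length."""
    return len(name) <= max_len and CALLBACK_RE.fullmatch(name) is not None


def build_jsonp_response(callback, data):
    """Hardened version. Returns (headers, body) for a JSONP reply.

    The leading "/**/" is a no-op for a <script> consumer but guarantees the
    body never starts with FWS/CWS/ZWS regardless of the callback name.
    nosniff keeps browsers from reinterpreting the content type.
    """
    if not valid_callback(callback):
        raise ValueError("invalid JSONP callback name")
    body = "/**/" + callback + "(" + json.dumps(data) + ");"
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body.encode("utf-8")


def looks_like_swf(body):
    """True if the first bytes are an SWF header (magic-byte check only)."""
    return body[:3] in SWF_MAGIC


# Constructed attacker input: an alphanumeric callback shaped like a zlib SWF
# header. A real payload of this kind is a complete SWF built only from
# characters that pass identifier validation; only the shape matters here.
ATTACKER_CALLBACK = "CWS" + "A" * 40

# Constructed API payload standing in for a real posts listing.
SAMPLE_DATA = {"posts": [{"id": 1, "title": "hello"}]}

if __name__ == "__main__":
    unsafe = reflect_unsafe(ATTACKER_CALLBACK, SAMPLE_DATA).encode("utf-8")
    print("unsafe body looks like SWF:", looks_like_swf(unsafe))
    headers, body = build_jsonp_response(ATTACKER_CALLBACK, SAMPLE_DATA)
    print("hardened body looks like SWF:", looks_like_swf(body))
    print(headers, body[:32])
```

Run it and the unsafe body starts with "CWS" while the hardened one starts with "/**/" even though the same callback passed validation; that is the property the plugin fix has to establish, whichever validation rule it uses.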
Atlassian
added 2014/06/09 12:56 p.m., 30 views

statTypes REST API exposes all statistics field names anonymously

On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...

AI score: 1.4
Exploits: 0, Affected software: 1
Packet Storm
added 2014/05/30 12:00 a.m., 65 views

ElasticSearch Dynamic Script Arbitrary Java Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote ... 'Name' => 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' => %q{ This module exploits a remote command execution...

CVSS: 6.8, EPSS: 0.85275
Exploits: 17
Exploit DB
added 2014/05/30 12:00 a.m., 93 views

ElasticSearch Dynamic Script - Arbitrary Java Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote ... 'Name' => 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' => %q{ This module exploits a remote command execution...

CVSS: 8.1, AI score: 7.4, EPSS: 0.85275
Exploits: 17
Metasploit
added 2014/05/29 10:38 p.m., 59 views

ElasticSearch Indices Enumeration Utility

This module enumerates ElasticSearch indices. It uses the REST API in order to make it...

AI score: 7
Exploits: 0
Check Point Advisories
added 2014/05/25 12:00 a.m., 5 views

ElasticSearch search Remote Code Execution (CVE-2014-3120)

A remote command execution vulnerability has been found in ElasticSearch. The vulnerability is due to the search function in the REST API, which does not require authentication and allows dynamic script execution. A remote attacker can exploit this weakness to execute arbitrary code via a special...

CVSS: 6.8, AI score: 4.7, EPSS: 0.85275
Exploits: 17
seebug.org
added 2014/05/19 12:00 a.m., 46 views

ElasticSearch < 1.2.0 Code Execution Vulnerability

Elasticsearch is a popular open-source search and analytics engine. This is a remote command execution exploit for Elasticsearch that abuses the default configuration of versions before 1.2.0. The problem lies in the REST API: the search function requires no authentication and allows dynamic script execution, so a remote attacker can use it to execute arbitrary Java code. Manual test: read /etc/passwd and /etc/hosts on the target machine: curl -XPOST 'http://localhost:9200/_search?pretty' -d '{ "size": 1,...

AI score: 7.1
Exploits: 0
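The ElasticSearch entries above (CVE-2014-3120) all rest on one fact: on nodes before 1.2.0 the unauthenticated /_search endpoint evaluates dynamic MVEL scripts supplied in the request, for example through "script_fields". The seebug entry's manual test proves this by reading /etc/passwd; the following added example (Python, not code from Elasticsearch, Metasploit or any of the listed sources) proves the same thing non-destructively by asking the node to evaluate a fixed arithmetic expression and checking whether the result comes back. The field name, the expected value and the three sample responses are constructed for the example; the classification of error text is an assumption about how a node with scripting disabled phrases its refusal, and the mitigation line for unpatchable nodes is the documented `script.disable_dynamic` setting.

```python
import json
import urllib.request

PROBE_FIELD = "dyn_script_probe"   # hypothetical field name for this probe
PROBE_SCRIPT = "7 * 191"           # benign MVEL expression
PROBE_EXPECTED = 7 * 191           # 1337; a vulnerable node echoes this back

# Mitigation for nodes that cannot be upgraded to >= 1.2.0: put this in
# config/elasticsearch.yml and restart the node.
HARDENED_ELASTICSEARCH_YML = "script.disable_dynamic: true\n"


def build_probe_body():
    """Search request body. script_fields are evaluated once per hit, so the
    target must hold at least one document for the probe to fire; an empty
    result set is inconclusive, not a clean bill of health."""
    return {
        "size": 1,
        "query": {"match_all": {}},
        "script_fields": {PROBE_FIELD: {"script": PROBE_SCRIPT}},
    }


def classify_response(response):
    """Interpret a /_search response (dict, str or bytes).

    Returns (verdict, reason) where verdict is
      True  -> dynamic scripting is enabled, the node is exploitable,
      False -> the node refused to run the script,
      None  -> inconclusive (no hits, unexpected shape, other error).
    """
    if isinstance(response, (bytes, str)):
        response = json.loads(response)
    if "error" in response:
        err = str(response["error"])
        # Assumption: a node with script.disable_dynamic set says so in the
        # error text. Any other failure is treated as inconclusive.
        if "script" in err.lower() and "disabled" in err.lower():
            return False, "node reports dynamic scripting disabled"
        return None, "search failed: " + err[:120]
    hits = response.get("hits", {}).get("hits", [])
    if not hits:
        return None, "no documents matched; index one and retry"
    for hit in hits:
        value = hit.get("fields", {}).get(PROBE_FIELD)
        if isinstance(value, list):   # ES 1.x wraps field values in arrays
            value = value[0] if value else None
        if value == PROBE_EXPECTED:
            return True, "node evaluated %s -> %r" % (PROBE_SCRIPT, value)
    return None, "hit returned but probe field is missing"


def probe(base_url, timeout=10):
    """Send the probe to a live node, e.g. probe('http://localhost:9200')."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/_search",
        data=json.dumps(build_probe_body()).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return classify_response(resp.read())


# Constructed responses so the classifier can be exercised offline.
SAMPLE_VULNERABLE = json.dumps({
    "took": 3, "timed_out": False,
    "hits": {"total": 1, "hits": [
        {"_index": "website", "_type": "blog", "_id": "1", "_score": 1.0,
         "fields": {PROBE_FIELD: [1337]}}]}})
SAMPLE_DISABLED = json.dumps({
    "error": "SearchPhaseExecutionException[Failed to execute phase [query], "
             "all shards failed; shardFailures {[website][0]: "
             "ScriptException[dynamic scripting disabled]}]",
    "status": 500})
SAMPLE_EMPTY = json.dumps({"hits": {"total": 0, "hits": []}})

if __name__ == "__main__":
    for label, sample in (("vulnerable", SAMPLE_VULNERABLE),
                          ("disabled", SAMPLE_DISABLED),
                          ("empty", SAMPLE_EMPTY)):
        print(label, classify_response(sample))
```

Against a live node, `probe("http://host:9200")` returns the same (verdict, reason) pairs; an inconclusive "no documents matched" result means the node has no data in any index, and the Metasploit module in the entries above deals with that by indexing a throw-away document before it searches.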
myhack58
added 2014/05/15 12:00 a.m., 19 views

Open source bug tracking platform JIRA directory traversal vulnerability analysis

Recently a new advisory reported a directory traversal vulnerability in Jira 5.0.11 and 6.0.3; it was reported and verified over the past seven months and fixed in the months that followed. The attack method is very simple, but the potential impact is very large: the vulnerability could allow an...

AI score: 0.5
Exploits: 0
Kitploit
added 2014/05/14 1:15 a.m., 34 views

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will give you back detailed results outlining what the file did when executed inside an isolated environment. Cuckoo generates a handful of differen...

AI score: 7.3
Exploits: 0
Atlassian
added 2014/05/08 7:34 a.m., 68 views

Applink configuration data is exposed anonymously

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-38225. If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info, the instance will tell you all the names, IDs an...

AI score: 7.3
Exploits: 0, Affected software: 1
ThreatPost
added 2014/04/23 3:19 p.m., 7 views

New NIST AppVet Aims to Streamline Application Security

Apple and Google put developers' apps through a relatively rigorous screening process before they make their way into their respective app stores. Now developers who produce apps intended for use on internal networks at government agencies can get a vetting process of their own. The National...

AI score: 0.1
Exploits: 0, References: 3
NVD
added 2014/04/10 11:55 p.m., 14 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

CVSS: 6, AI score: 5.9, EPSS: 0.005
Exploits: 1, References: 3
Prion
added 2014/04/10 11:55 p.m., 14 views

Authorization

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

CVSS: 6, AI score: 6.4, EPSS: 0.005
Exploits: 1, References: 3, Affected software: 1
CVE
added 2014/04/10 11:00 p.m., 55 views

CVE-2014-0908

IBM BPM's User Attribute feature (Standard/Express/Advanced) across 7.5.x, 8.0.x, 8.5.x does not enforce authorization for read/write of attribute values via REST, enabling remote authenticated users to read or modify attributes and affect email notifications or task assignments. Affected version...

CVSS: 6, AI score: 6.1, EPSS: 0.005
Exploits: 1, References: 3, Affected software: 1
Cvelist
added 2014/04/10 11:00 p.m., 22 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

AI score: 5.9, EPSS: 0.005
Exploits: 1, References: 3
seebug.org
added 2014/04/10 12:00 a.m., 25 views

IBM Business Process Manager Authorization Bypass Vulnerability

Bugtraq ID: 66679 CVE ID: CVE-2014-0908 IBM Business Process Manager is a stateful product that continuously accumulates data. The User Attribute feature in IBM Business Process Manager has no concept of authorization: every user can read and update their own attribute values and can use the REST API to read other users' values, which can lead to sensitive information disclosure. Affected: IBM Business Process Manager Standard V7.5.x, 8.0.x, 8.5.x; IBM Business Process Manager Express V7.5.x, 8.0.x, 8.5.x...

CVSS: 6, AI score: 6.6, EPSS: 0.005
Exploits: 1
seebug.org
added 2014/04/03 12:00 a.m., 37 views

oVirt Cross-Site Request Forgery Vulnerability

CVE ID: CVE-2014-0152 oVirt is a virtualization platform with an easy-to-use web interface. Because the program lets users perform certain actions through unverified HTTP requests, an attacker can exploit the vulnerability to send requests to the REST API or the GWT RPC servlet when a logged-in user visits a malicious website. Affected: oVirt 3.x. No detailed solution is currently available: http://www.ovirt.org/Home...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00396
Exploits: 1
OpenVAS
added 2014/03/17 12:00 a.m., 19 views

Fedora Update for rubygem-rbovirt FEDORA-2014-3573

Check for the version of rubygem-rbovirt. OpenVAS Vulnerability Test: Fedora Update for rubygem-rbovirt FEDORA-2014-3573. Authors: System Generated Check. Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...

CVSS: 6.8, AI score: 0.1, EPSS: 0.00658
Exploits: 0, References: 2
OpenVAS
added 2014/03/17 12:00 a.m., 15 views

Fedora Update for rubygem-rbovirt FEDORA-2014-3526

Check for the version of rubygem-rbovirt. OpenVAS Vulnerability Test: Fedora Update for rubygem-rbovirt FEDORA-2014-3526. Authors: System Generated Check. Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...

CVSS: 6.8, AI score: 0.1, EPSS: 0.00658
Exploits: 0, References: 2