Lucene search
K

138 matches found

Qualys Blog
Qualys Blog
added 2019/10/07 2:0 p.m.180 views

Enhanced API Scanning with Postman Support in Qualys WAS

Due to the fast-growing usage of REST APIs, having a way to test them for vulnerabilities in an automated, reliable way is more important than ever. Automated testing of APIs is a little trickier than for web applications. You can't simply enter a starting URL for the scanner and click "Go"...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2019/09/16 8:30 p.m.154 views

ACT Platform - Open Platform For Collection And Exchange Of Threat Intelligence Information

Semi-Automated Cyber Threat Intelligence ACT is a research project led by mnemonic as with contributions from the University of Oslo, NTNU, Norwegian Security Authority NSM, KraftCERT and Nordic Financial CERT. The main objective of the ACT project is to develop a platform for cyber threat...

7.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2019/01/25 2:20 p.m.37 views

CVE-2019-1003001

A flaw was found in Jenkins Pipeline. In the Declarative plugin, the script sandbox protection could be circumvented during the script compilation phase by applying AST. Both the pipeline validation REST APIs and the actual script/pipeline execution are affected. This allows users with Overall/Re...

8.8CVSS1AI score0.86224EPSS
Exploits9References3
Microsoft KB
Microsoft KB
added 2018/12/11 8:0 a.m.47 views

Description of the security update for SharePoint Enterprise Server 2016: February 13, 2018

None None...

5.4CVSS6.5AI score0.02615EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2018/08/30 2:53 p.m.58 views

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.18 views

Security Bulletin: Missing authorization concept for IBM Business Process Manager (BPM) User Attributes CVE-2014-0908

Summary The User Attribute feature in IBM Business Process Manager does not have an authorization concept. Vulnerability Details As a consequence, each user can read and update their own attribute values and the attribute values for another user by using REST APIs. However, there are...

6CVSS5.6AI score0.01055EPSS
Exploits1Affected Software3
NVD
NVD
added 2018/06/04 7:29 p.m.15 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.1CVSS6.2AI score0.00966EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.17 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.2AI score0.00966EPSS
Exploits1References2
n0where
n0where
added 2018/03/19 12:40 a.m.35 views

Intentionally Insecure Webapp for Security Training: OWASP Juice Shop

OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...

0.4AI score
Exploits0References6
NVD
NVD
added 2018/03/16 8:29 p.m.25 views

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

9.8CVSS9.6AI score0.02217EPSS
Exploits1References3
Prion
Prion
added 2018/03/16 8:29 p.m.15 views

Hardcoded credentials

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

7.5CVSS9.6AI score0.02217EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/03/16 8:0 p.m.45 views

CVE-2017-8013

CVE-2017-8013 affects EMC Data Protection Advisor 6.3.x (before patch 67) and 6.4.x (before patch 130). Root cause: undocumented accounts with hard-coded passwords (Apollo System Test, emc.dpa.agent.logon, emc.dpa.metrics.logon) enabling access via REST APIs and potentially administrative privile...

9.8CVSS9.5AI score0.02217EPSS
Exploits1References3Affected Software1
Microsoft KB
Microsoft KB
added 2018/03/13 7:0 a.m.140 views

Description of the security update for SharePoint Enterprise Server 2016: March 13, 2018

None None...

8.8CVSS6.7AI score0.12115EPSS
Exploits0
NVD
NVD
added 2018/02/21 12:29 a.m.19 views

CVE-2018-7272

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...

6.5CVSS6.2AI score0.00878EPSS
Exploits0References2
Prion
Prion
added 2018/02/21 12:29 a.m.16 views

Cross site request forgery (csrf)

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...

4CVSS6.2AI score0.00878EPSS
Exploits0References2Affected Software1
n0where
n0where
added 2017/03/20 7:39 a.m.21 views

Personalized User Focused Security: Stethoscope

Stethoscope is a web application that collects information from existing device data sources e.g., JAMF or LANDESK on a given user’s devices and gives them clear and specific recommendations for securing their systems. Stethoscope consists of two primary pieces: a Python-based back-end and a...

Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/10/29 12:0 a.m.24 views

Fedora 18 : ReviewBoard-1.7.16-2.fc18 / python-djblets-0.7.21-1.fc18 (2013-18911)

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...

9.8CVSS6.5AI score0.0304EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2013/10/29 12:0 a.m.25 views

Fedora 19 : ReviewBoard-1.7.16-2.fc19 / python-djblets-0.7.21-1.fc19 (2013-18931)

Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...

9.8CVSS6.5AI score0.0304EPSS
Exploits0References8
Rows per page
Query Builder