Lucene search
+L

599 matches found

OSV
OSV
added 2019/08/23 2:15 p.m.4 views

CVE-2019-8446

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check...

5.3CVSS6.2AI score0.1755EPSS
Exploits1References2
NVD
NVD
added 2019/08/23 2:15 p.m.35 views

CVE-2019-14999

The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...

4.3CVSS4.6AI score0.00555EPSS
Exploits0References1
NVD
NVD
added 2019/07/03 7:15 p.m.28 views

CVE-2019-6638

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process...

6.5CVSS6.5AI score0.01989EPSS
Exploits0References3
Prion
Prion
added 2019/07/03 7:15 p.m.25 views

Code injection

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process...

4CVSS6.5AI score0.01989EPSS
Exploits0References3Affected Software13
Positive Technologies
Positive Technologies
added 2019/07/03 12:0 a.m.6 views

PT-2019-18220 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 14.0.0 through 14.0.0.4 F5 BIG-IP versions 14.1.0 through 14.1.0.5 Description: The issue arises from malformed HTTP requests made to an undisclosed iControl REST endpoint, which can cause an infinite loop of the restjavad...

6.5CVSS6.4AI score0.01989EPSS
Exploits0References6
OSV
OSV
added 2019/06/03 9:29 p.m.6 views

CVE-2019-11185

The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...

9.8CVSS7.4AI score0.04349EPSS
Exploits1References3
Metasploit
Metasploit
added 2019/04/11 12:4 p.m.93 views

WordPress Google Maps Plugin SQL Injection

This module exploits a SQL injection vulnerability in a REST endpoint registered by the WordPress plugin wp-google-maps between 7.11.00 and 7.11.17 included. As the table prefix can be changed by administrators, set DBPREFIX accordingly. This module requires Metasploit:...

9.8CVSS8.1AI score0.78699EPSS
Exploits6
OSV
OSV
added 2019/02/18 11:39 p.m.20 views

GHSA-97GV-3P2C-XW7J Denial of Service and Content Injection in i18n-node-angular

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...

8.2CVSS8.2AI score0.00801EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2019/02/18 11:39 p.m.31 views

Denial of Service and Content Injection in i18n-node-angular

Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...

8.2CVSS3.8AI score0.00801EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/02/04 9:29 p.m.12 views

Cross site request forgery (csrf)

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...

6.8CVSS8.8AI score0.00795EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/02/04 9:0 p.m.23 views

CVE-2019-1000003

MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...

8.9AI score0.00795EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2019/01/14 12:0 a.m.245 views

Splunk Information Disclosure Vulnerability (SP-CAAAP5E)

The Splunk installation running on the remote web server is affected by an information disclosure vulnerability at a Splunk REST endpoint. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose potentially sensitive information C Tenable Network Securit...

5.3CVSS5.7AI score0.98371EPSS
Exploits7References3
OSV
OSV
added 2018/09/05 9:29 p.m.8 views

CVE-2018-16148

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.1CVSS5.8AI score0.01311EPSS
Exploits3References4
NVD
NVD
added 2018/09/05 9:29 p.m.24 views

CVE-2018-16148

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.1CVSS6.2AI score0.01311EPSS
Exploits3References4
Prion
Prion
added 2018/09/05 9:29 p.m.25 views

Cross site scripting

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

4.3CVSS6.8AI score0.01311EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.24 views

CVE-2018-16148

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.9AI score0.01311EPSS
Exploits3References4
Cvelist
Cvelist
added 2018/07/09 8:0 p.m.16 views

CVE-2018-1000623

JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu - Import & Export - Repositories, triggers a vulnerable UI REST endpoint /ui/artifactimport/upload...

7.5AI score0.02819EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.25 views

Security Bulletin: Remote code execution possible due to insecure REST endpoint (CVE-2016-8938)

Summary IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. Vulnerability Details CVEID: CVE-2016-8938 DESCRIPTION:...

10CVSS1.8AI score0.02824EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/04/20 6:29 p.m.18 views

CVE-2018-1291

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of...

8.1CVSS8.5AI score
Exploits0References2
Atlassian
Atlassian
added 2018/01/18 10:54 a.m.33 views

Missing permission check in review coverage REST endpoint - CVE-2017-18035

The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...

4.3CVSS5.1AI score0.00788EPSS
Exploits0
Rows per page
Query Builder