599 matches found
CVE-2019-8446
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check...
CVE-2019-14999
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery CSRF vulnerability on an authenticated...
CVE-2019-6638
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process...
Code injection
On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests made to an undisclosed iControl REST endpoint can lead to infinite loop of the restjavad process...
PT-2019-18220 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 14.0.0 through 14.0.0.4 F5 BIG-IP versions 14.1.0 through 14.1.0.5 Description: The issue arises from malformed HTTP requests made to an undisclosed iControl REST endpoint, which can cause an infinite loop of the restjavad...
CVE-2019-11185
The WP Live Chat Support Pro plugin through 8.0.26 for WordPress contains an arbitrary file upload vulnerability. This results from an incomplete patch for CVE-2018-12426. Arbitrary file upload is achieved by using a non-blacklisted executable file extension in conjunction with a whitelisted file...
WordPress Google Maps Plugin SQL Injection
This module exploits a SQL injection vulnerability in a REST endpoint registered by the WordPress plugin wp-google-maps between 7.11.00 and 7.11.17 included. As the table prefix can be changed by administrators, set DBPREFIX accordingly. This module requires Metasploit:...
GHSA-97GV-3P2C-XW7J Denial of Service and Content Injection in i18n-node-angular
Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...
Denial of Service and Content Injection in i18n-node-angular
Versions of i18n-node-angular prior to 1.4.0 are affected by denial of service and cross-site scripting vulnerabilities. The vulnerabilities exist in a REST endpoint that was created for development purposes, but was not disabled in production in affected versions. Recommendation Update to versio...
Cross site request forgery (csrf)
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...
CVE-2019-1000003
MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery CSRF vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvgsave that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be...
Splunk Information Disclosure Vulnerability (SP-CAAAP5E)
The Splunk installation running on the remote web server is affected by an information disclosure vulnerability at a Splunk REST endpoint. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose potentially sensitive information C Tenable Network Securit...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
Cross site scripting
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-1000623
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu - Import & Export - Repositories, triggers a vulnerable UI REST endpoint /ui/artifactimport/upload...
Security Bulletin: Remote code execution possible due to insecure REST endpoint (CVE-2016-8938)
Summary IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications. Vulnerability Details CVEID: CVE-2016-8938 DESCRIPTION:...
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' query parameter by way of...
Missing permission check in review coverage REST endpoint - CVE-2017-18035
The /rest/review-coverage-chart/1.0/data//.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistic...