Lucene search
K

72 matches found

Prion
Prion
added 2018/06/07 2:29 a.m.13 views

Directory traversal

dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

5CVSS7.4AI score0.02005EPSS
Exploits1References2
CVE
CVE
added 2018/06/07 2:0 a.m.52 views

CVE-2017-16208

Affected software: dmmcquay.lab6 (REST server). Vulnerability: Directory traversal via crafted URLs (e.g., using ../) allows access to files outside the intended directory. Impact (as documented): Potential disclosure of private files on the vulnerable system. Evidence from connected docs: GHSA a...

7.5CVSS7.4AI score0.02005EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.18 views

CVE-2017-16208

dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.4AI score0.02005EPSS
Exploits1References2
Snyk
Snyk
added 2017/09/13 10:0 p.m.4 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...

8.8CVSS8.8AI score0.01318EPSS
Exploits0References2
Snyk
Snyk
added 2017/09/13 10:0 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...

8.8CVSS7.2AI score0.01318EPSS
Exploits0References2
NVD
NVD
added 2017/09/13 4:29 p.m.18 views

CVE-2016-8737

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...

8.8CVSS8.8AI score0.01318EPSS
Exploits0References3
Prion
Prion
added 2017/09/13 4:29 p.m.17 views

Cross site request forgery (csrf)

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...

6.8CVSS7.2AI score0.01318EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/09/13 4:29 p.m.7 views

CVE-2016-8737

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...

8.8CVSS5.5AI score0.01318EPSS
Exploits0References3
Prion
Prion
added 2017/09/13 4:29 p.m.18 views

Cross site scripting

In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...

3.5CVSS5.4AI score0.01963EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2017/09/13 4:0 p.m.70 views

CVE-2017-3165

CVE-2017-3165 affects Apache Brooklyn before 0.10.0. The REST server is vulnerable to cross-site scripting due to improper escaping of server-side content, allowing an authenticated user to inject scripts that run in other authorized users’ browsers. PoC exploitation is noted. Public sources (inc...

5.4CVSS5.3AI score0.01963EPSS
Exploits1References3Affected Software1
Broadcom
Broadcom
added 2017/05/17 12:0 a.m.10 views

BSA-2017-283

Security Advisory ID : BSA-2017-283 Component : Apache Brooklyn 0.9.0 and all prior versions Revision : 1.0: Interim Apache Brooklyn’s REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the...

5.4CVSS6.1AI score0.01963EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2017/04/04 5:26 p.m.4 views

keycloak: user deletion via incorrect permissions check

It was found that keycloak did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm...

6.5CVSS5.7AI score0.01978EPSS
Exploits0References4
Rows per page
Query Builder