72 matches found
Directory traversal
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16208
Affected software: dmmcquay.lab6 (REST server). Vulnerability: Directory traversal via crafted URLs (e.g., using ../) allows access to files outside the intended directory. Impact (as documented): Potential disclosure of private files on the vulnerable system. Evidence from connected docs: GHSA a...
CVE-2017-16208
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC Attacker puts something like this int...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Cross site request forgery (csrf)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
CVE-2016-8737
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
Cross site scripting
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
CVE-2017-3165
CVE-2017-3165 affects Apache Brooklyn before 0.10.0. The REST server is vulnerable to cross-site scripting due to improper escaping of server-side content, allowing an authenticated user to inject scripts that run in other authorized users’ browsers. PoC exploitation is noted. Public sources (inc...
BSA-2017-283
Security Advisory ID : BSA-2017-283 Component : Apache Brooklyn 0.9.0 and all prior versions Revision : 1.0: Interim Apache Brooklyn’s REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the...
keycloak: user deletion via incorrect permissions check
It was found that keycloak did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm...