Kubernetes Web API Detection
Binary data kuberneteswebapidetect.nbin...
CVE-2018-1778
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API; it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to...
Denial Of Service (DoS)
nifi-web-api is vulnerable to denial of service attacks. The vulnerability exists because there is a flaw in OkHttpReplicationClient.java which leads to a missing Content-Length check for DELETE requests and non-zero Content-Length header values when a client request to a cluster node was replicate...
Clickjacking Attack
nifi-web-api is vulnerable to clickjacking attacks. The vulnerability exists due to the way the X-Frame-Options headers were inconsistently applied on HTTP responses. This results in different outcomes such as duplicate, or missing security headers, causing some browsers to insecurely interpret t...
Cross-site Request Forgery (CSRF)
nifi-web-api is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists due to the lack of a Cross-Origin Resource Sharing (CORS) filter applied to the template/upload endpoint, allowing requests from different domains in the origin to be accepted...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
Lenovo xClarity Administrator Information Disclosure Vulnerability (CNVD-2018-14351)
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A security vulnerability exists in the Web API in Lenovo LXCA...
Design/Logic Flaw
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
CVE-2018-9064
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...
CVE-2018-9066
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...
CVE-2018-9064
CVE-2018-9064 affects Lenovo xClarity Administrator (LXCA) before version 2.1.0. An authenticated LXCA user can abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo’s advisory also notes potential privilege escalation and, in limited cases, privileged command...
XClarity Administrator (LXCA) API Vulnerabilities - Lenovo Support US
No description provided...
RSA Archer REST API Authorization Bypass Vulnerability
RSA Archer is an enterprise IT governance and compliance product. RSA Archer has an authorization bypass vulnerability in the REST API that can be exploited by an attacker to elevate privileges...
CVE-2018-13791
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...
WARDroid Uncovers Mobile Threats to Millions of Users Worldwide
An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – something that potentially affects the privacy and security of tens of millions of business users and consumers globally. The root of the threat lies in the inconsistencies that are ofte...
CVE-2016-10676
rs-brightcove is a wrapper around Brightcove's web API. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...
CVE-2016-10676
The CVE refers to rs-brightcove, a wrapper around Brightcove’s web API. The issue is that rs-brightcove downloads resources over HTTP and can be manipulated by an attacker with a privileged network position, potentially replacing a downloaded executable and causing remote code execution on the ho...
solr: Directory traversal via Index Replication HTTP API
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...