Command injection
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
CVE-2017-9377
Barco ClickShare Base Unit devices (CSM-1 firmware before 1.7.0.3; CSC-1 firmware before 1.10.0.10) are affected by CVE-2017-9377. A command injection vulnerability exists that an attacker with access to the product’s web API can exploit to completely compromise the affected device. The available...
Denial of service
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
CVE-2017-14182
Cross site request forgery (CSRF)
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated...
CVE-2017-7926
CVE-2017-7926 affects OSIsoft PI Web API versions prior to 2017 (1.9.0). The issue is Cross-Site Request Forgery (CSRF) where an unauthorized cross-site request from an authenticated browser can perform actions in the PI Web API. Impact described in connected documents includes potential access t...
PT-2017-17799 · Powerdns +1 · Dnsdist +1
Name of the Vulnerable Software and Affected Versions: dnsdist version 1.1.0
Description: The issue is related to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack.
Recommendations: For dnsdist version 1.1.0, consider disabling the REST API until a patch ...
Open Distributed Threat Intelligence: Yeti
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny...
IBM Worklight / MobileFirst Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api
Table of Contents
0. Overview
1. Detailed Description
2. Proof Of Concept
3. Solution
4. Disclosure Timeline ...
IBM Patches Reflected XSS in Worklight, MobileFirst
IBM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim's browser to steal sensitive information or user credentials. The vulnerability, CVE-2017-1500, lingered in the products Worklight and MobileFirs...
Cross site scripting
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by the RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...
CVE-2017-1500
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2017-15834)
Cisco Identity Services Engine (ISE) is an identity-based context awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
OSIsoft PI Web API Cross-Site Request Forgery Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. A cross-site request forgery vulnerability exists in the OSIsoft PI Web API because the program fails to properly validate HTTP requests. An attacker could exploit the vulnerability to perform certain unauthorized actions and access th...
OSIsoft PI Web API 2017
CVSS v3 7.1
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: OSIsoft
Equipment: PI Web API 2017
Vulnerability: Cross-Site Request Forgery
AFFECTED PRODUCTS
OSIsoft reports that the vulnerability affects the following PI Web API products: PI Web API versions prior to 2017 (1.9.0)...