874 matches found

CNVD
added 2017/03/01 12:0 a.m., 3 views

W3C High Resolution Time API AnC Attack Vulnerability

The W3C High Resolution Time API is a set of JavaScript interfaces for providing web applications with a sub-millisecond resolution of the current time format. A security vulnerability exists in the W3C High Resolution Time API. The vulnerability can be exploited by an attacker with specially...

CVSS 4.3, AI score 7, EPSS 0.01746
Exploits 0, References 1
NVD
added 2017/02/13 9:59 p.m., 13 views

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

CVSS 7.8, AI score 7.5, EPSS 0.00374
Exploits 0, References 2
OSV
added 2017/02/13 9:59 p.m., 2 views

CVE-2016-8353

An issue was discovered in OSIsoft PI Web API 2015 R2 Version 1.5.1. There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions...

CVSS 6.4, AI score 5.8
Exploits 0, References 2
Prion
added 2017/02/13 9:59 p.m., 13 views

Design/Logic Flaw

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

CVSS 2.1, AI score 7.4, EPSS 0.00374
Exploits 0, References 2, Affected Software 2
NVD
added 2017/02/13 9:59 p.m., 15 views

CVE-2016-8353

An issue was discovered in OSIsoft PI Web API 2015 R2 Version 1.5.1. There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions...

CVSS 6.4, AI score 6.3, EPSS 0.00721
Exploits 0, References 2
Cvelist
added 2017/02/13 9:0 p.m., 20 views

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

AI score 7.5, EPSS 0.00374
Exploits 0, References 2
CVE
added 2017/02/13 9:0 p.m., 60 views

CVE-2017-5153

The CVE-2017-5153 issue affects OSIsoft PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed with the PI AF Services 2016 R2 integrated installer. It is an information exposure vulnerability through server log files that may allow exposure of service account passwords, potential...

CVSS 7.8, AI score 7.4, EPSS 0.00374
Exploits 0, References 2, Affected Software 2
CVE
added 2017/02/13 9:0 p.m., 38 views

CVE-2016-8353

The CVE-2016-8353 issue affects OSIsoft PI Web API 2015 R2 (Version 1.5.1). A weakness in the PI Web API service could let an attacker access the PI system without proper permissions, with remote exploitation possible depending on configuration. The NVD/ICS-CERT entries describe the vulnerability...

CVSS 6.4, AI score 6.3, EPSS 0.00721
Exploits 0, References 2, Affected Software 1
ICS
added 2017/01/10 12:0 a.m., 54 views

OSIsoft PI Coresight and PI Web API

CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following versions: PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed usi...

CVSS 7.8, AI score 0.7, EPSS 0.00374
Exploits 0, References 27
ICS
added 2017/01/10 12:0 a.m., 37 views

OSIsoft PI Coresight and PI Web API (Update A)

CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-010-01 OSIsoft PI Coresight and PI Web API that was published January 10,...

CVSS 7.8, AI score 8, EPSS 0.00374
Exploits 0, References 3
Cvelist
added 2016/12/16 9:0 p.m., 23 views

CVE-2016-8827

NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack...

AI score 6.2, EPSS 0.0532
Exploits 0, References 4
Tenable Nessus
added 2016/10/17 12:0 a.m., 12 views

Magento Community Edition 2.x < 2.0.4 Multiple Vulnerabilities

AI score 7.3
Exploits 0, References 1
OSV
added 2016/10/07 2:59 p.m., 3 views

CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

CVSS 8.8, AI score 6, EPSS 0.02256
Exploits 0, References 2
OpenVAS
added 2016/09/27 12:0 a.m., 53 views

Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability

Twonky Server is prone to a vulnerability which permits attackers with access to the local network in which Twonky Server runs, to write arbitrary files on the host running the Twonky Server. It can be used to replace existing or create new files on the file system, as accessible by the user unde...

AI score 6.7
Exploits 0, References 2
Openbugbounty
added 2016/06/14 3:6 p.m., 12 views

torob.ir XSS vulnerability

Vulnerable URL: http://torob.ir/web-api/1/search/?category==z/%3BalertOPENBUGBOUNTY%3Bz=functionreturn%20/z=0=10=10

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 87398

VIP website...

AI score 6.3
Exploits 0
Check Point Advisories
added 2016/05/29 12:0 a.m., 6 views

Magento API unserialize Remote Code Execution (CVE-2016-4010)

A remote code execution vulnerability exists in the e-commerce platform Magento. The vulnerability is due to deserialization of attacker controlled objects via the checkout API. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted Web API request to the target...

CVSS 7.5, AI score 4.5, EPSS 0.92869
Exploits 10
seebug.org
added 2016/05/19 12:0 a.m., 117 views

Magento < 2.0.6 - Unauthenticated Remote Code Execution

Reference source: http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ The vulnerability CVE-2016-4010 allows an unauthenticated attacker to execute PHP code on the vulnerable Magento server. This vulnerability actually consists of many small vulnerabilities. Magento is an extremely...

CVSS 7.5, AI score 10, EPSS 0.92869
Exploits 10
OSV
added 2016/04/06 11:59 p.m., 4 views

CVE-2016-1290

The web API in Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227...

CVSS 8.1, AI score 5.8, EPSS 0.01493
Exploits 0, References 2
Cvelist
added 2016/04/06 11:0 p.m., 27 views

CVE-2016-1290

The web API in Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227...

AI score 7.9, EPSS 0.01493
Exploits 0, References 2
RedHat Linux
added 2016/03/07 3:22 a.m., 7 views

chromium-browser: WebAPI Bypass

extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...

CVSS 6.8, AI score 7.4, EPSS 0.01054
Exploits 0, References 5