WordPress Core 4.5.3 - Directory Traversal / Denial of Service

Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to create a denial of service condition of an affected...

WordPress <= 4.5.3 - Path traversal

WordPress prior to 4.5.3 is prone to a path traversal vulnerability. It was found in the Core Ajax handlers of the WordPress Admin API. Solution Update WordPress to 4.6...

New Relic: CSRF - Regenerate all admin api keys

Hi The request to regenerate all admin api keys is a GET request without CSRF protection. As such, you can regenerate someone's keys using csrf. While not too big of an issue the admin can always see the keys and use them its certainly annoying and can cause business disruption. Additionally, a...

Toxy - Hackable Http Proxy To Simulate Server Failure Scenarios And Network Conditions

Toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions , built for node.js / io.js . It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency...

ColdFusion 9-10 - Credential Disclosure Exploit

ColdFusion...

2012.1.1: fails to validate tokens in Admin API

The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...

Keystone: Lack of authorization for adding users to tenants

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

Fedora 17 : openstack-keystone-2012.1.2-4.fc17 (2012-13075)

Require authz to update user's tenant CVE-2012-3542 - Delete user tokens after role grant/revoke CVE-2012-4413 - Fails to validate tokens in Admin API CVE-2012-4456 - Fails to raise Unauthorized user error for disabled tenant CVE-2012-4457 Note that Tenable Network Security has extracted the...

PYSEC-2012-19

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

PT-2012-4796 · Openstack · Openstack Keystone +1

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to folsom-rc1 OpenStack Essex 2012.1 Description: The issue allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API...

Windows Azure Pack: Admin API

Windows Azure Pack: Admin API...