341 matches found
Authentication flaw
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service assertion failure and application exit by leveraging "full" not necessarily admin privileges to post an invalid profile to the admin API, related to rgw/rgwiampolicy.cc, rgw/rgwbasictypes.h,...
WordPress 4.5.x < 4.6 Multiple Vulnerabilities
Binary data 9949.prm...
WordPress Admin API Directory Traversal (CVE-2016-6896)
A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests...
WordPress < 4.6 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.6. It is, therefore, affected by multiple vulnerabilities : - A path traversal vulnerability exists in the WordPress Admin API in the wpajaxupdateplugin function in...
WordPress Core 4.5.3 - Directory Traversal / Denial of Service
Path traversal vulnerability in WordPress Core Ajax handlers Abstract A path traversal vulnerability was found in the Core Ajax handlers of the WordPress Admin API. This issue can potentially be used by an authenticated user Subscriber to create a denial of service condition of an affected...
WordPress <= 4.5.3 - Path traversal
WordPress prior to 4.5.3 is prone to a path traversal vulnerability. It was found in the Core Ajax handlers of the WordPress Admin API. Solution Update WordPress to 4.6...
New Relic: CSRF - Regenerate all admin api keys
Hi The request to regenerate all admin api keys is a GET request without CSRF protection. As such, you can regenerate someone's keys using csrf. While not too big of an issue the admin can always see the keys and use them its certainly annoying and can cause business disruption. Additionally, a...
Toxy - Hackable Http Proxy To Simulate Server Failure Scenarios And Network Conditions
Toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions , built for node.js / io.js . It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency...
ColdFusion 9-10 - Credential Disclosure Exploit
ColdFusion...
2012.1.1: fails to validate tokens in Admin API
The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...
Keystone: Lack of authorization for adding users to tenants
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
Fedora 17 : openstack-keystone-2012.1.2-4.fc17 (2012-13075)
Require authz to update user's tenant CVE-2012-3542 - Delete user tokens after role grant/revoke CVE-2012-4413 - Fails to validate tokens in Admin API CVE-2012-4456 - Fails to raise Unauthorized user error for disabled tenant CVE-2012-4457 Note that Tenable Network Security has extracted the...
PYSEC-2012-19
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
PT-2012-4796 · Openstack · Openstack Keystone +1
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to folsom-rc1 OpenStack Essex 2012.1 Description: The issue allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API...