1967 matches found
CVE-2014-9355
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...
Cross site request forgery (csrf)
Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...
User avatar upload endpoint is vulnerable to XSRF
Stash, as of 2.12, will allow users to upload local avatars to their account (STASHDEV-6182). That upload is submitted to a non-API end point that accepts a POST request with the avatar as a data-uri (https://en.wikipedia.org/wiki/DataUri). Currently, because the form is submitted by AJAX, the end point ...
UBUNTU-CVE-2013-4302
(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...