405 matches found

NVD · added 2017/12/05 9:29 a.m. · 26 views

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

CVSS 10 · AI score 9.8 · EPSS 0.3434
Exploits: 4 · References: 3
Cvelist · added 2017/12/05 9:00 a.m. · 31 views

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

AI score 9.9 · EPSS 0.3434
Exploits: 4 · References: 3
CVE · added 2017/12/05 9:00 a.m. · 47 views

CVE-2017-16930

Claymore's Dual ETH miner (GPU) remote management interface in version 10.1 is affected by an unauthenticated stack-based buffer overflow triggered by logging an overly long API request. The vulnerability arises from logging via sprintf into a fixed-size 0x4000-byte buffer, enabling potential rem...

CVSS 10 · AI score 9.7 · EPSS 0.3434
Exploits: 4 · References: 3 · Affected Software: 1
seebug.org · added 2017/11/09 12:00 a.m. · 52 views

Circle with Disney Token Routing Vulnerability(CVE-2017-12085)

Summary: An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

AI score 8.9 · EPSS 0.01671
Exploits: 2
Cisco · added 2017/09/27 4:00 p.m. · 31 views

Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST A...

CVSS 10 · AI score 9.9 · EPSS 0.05124
Exploits: 0 · References: 1
Positive Technologies · added 2016/11/21 12:00 a.m. · 5 views

PT-2021-5495 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5
Description: The issue is related to errors in processing input data in the ssh client of the salt-api in SaltStack Salt. This can allow a remote attacker to execute arbitrary commands with elevated...

CVSS 10 · AI score 8 · EPSS 0.99585
Exploits: 39 · References: 206
Hacker One · added 2016/05/27 3:43 a.m. · 18 views

Uber: Uber is Flooding my Mobile with SMS Daily like a cron JOB

The issue is with the design of sending SMS by the Uber referrals system, and every day it's flooding my phone number with driver invitation messages. To reproduce this scenario I have fuzzed the below request through OWASP ZAP. I fuzzed for 10,000 requests, keeping the same phone number. I have used my...

AI score 7
Exploits: 0
Cvelist · added 2016/05/05 9:00 p.m. · 28 views

CVE-2016-1387

The XML API in TelePresence Codec TC 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint CE 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

AI score 9.8 · EPSS 0.01778
Exploits: 0 · References: 2
CVE · added 2016/05/05 9:00 p.m. · 59 views

CVE-2016-1387

Cisco TelePresence TC (Codec) 7.2.x–7.3.x and CE (Collaboration Endpoint) 8.0.x–8.1.x are affected by an authentication bypass in the XML API due to improper authentication implementation. An unauthenticated, remote attacker can bypass XML API authentication and perform configuration changes or i...

CVSS 9.8 · AI score 9.7 · EPSS 0.01778
Exploits: 0 · References: 2 · Affected Software: 1
Prion · added 2016/04/11 9:59 p.m. · 18 views

Input validation

Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request...

CVSS 5 · AI score 6.6 · EPSS 0.0192
Exploits: 0 · References: 5 · Affected Software: 1
Prion · added 2015/10/11 1:59 a.m. · 13 views

Cross-site request forgery (CSRF)

IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...

CVSS 4 · AI score 6.2 · EPSS 0.01368
Exploits: 0 · References: 2 · Affected Software: 1
Hacker One · added 2015/07/03 8:54 p.m. · 32 views

Udemy: Extremely high course rating values could be set in order to make a really high average rating for the course. Negative values could be set too.

An authenticated user can register for some course, paid or free. After registering and taking a couple of lectures, the "Rate course" function becomes active. A malicious user can fill in the rating form and submit it. By intercepting the request to the server's API using an intercepting proxy tool and modifying...

AI score 6.8
Exploits: 0
NVD · added 2015/01/16 4:59 p.m. · 20 views

CVE-2014-7814

SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter...

CVSS 6.5 · AI score 7.8 · EPSS 0.01414
Exploits: 0 · References: 2
Prion · added 2015/01/16 4:59 p.m. · 13 views

SQL injection

SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter...

CVSS 6.5 · AI score 8.4 · EPSS 0.01414
Exploits: 0 · References: 2 · Affected Software: 1
Hacker One · added 2015/01/08 2:46 p.m. · 27 views

X (Formerly Twitter): fabric.io - app member can make himself an admin

Let's say Alice is a member of TestApp.
- Log into fabric.io as Alice and navigate to settings.
- Click on Apps and choose TestApp.
- Click on the team members link and notice that Alice's role is Member. Clicking on the team members link sends a similar request as shown below. GET...

AI score 6.9
Exploits: 0
Hacker One · added 2014/11/21 1:39 p.m. · 41 views

X (Formerly Twitter): [Stored XSS] vine.co - profile page

Stored XSS via API request: While creating a new account in the Windows mobile app, I noticed this request: PUT /users/1147563919679037440 HTTP/1.1 avatarUrl=https%3A%2F%2Fvines.s3.amazonaws.com%2Favatarstrellis%2F2014%2F11%2F21%2F0B2EAE2EB811475639291495546881.3.4.jpg&username= It seems that the...

AI score 6.1
Exploits: 0
Cvelist · added 2014/10/31 2:00 p.m. · 43 views

CVE-2014-3708

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request...

AI score 6.1 · EPSS 0.02783
Exploits: 1 · References: 5
NVD · added 2014/10/25 12:55 a.m. · 22 views

CVE-2014-2021

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

CVSS 3.5 · AI score 5.2 · EPSS 0.03389
Exploits: 4 · References: 7
Prion · added 2014/10/25 12:55 a.m. · 18 views

Cross-site scripting

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...

CVSS 3.5 · AI score 5.7 · EPSS 0.03389
Exploits: 4 · References: 7 · Affected Software: 1
CVE · added 2014/10/25 12:00 a.m. · 60 views

CVE-2014-2021

CVE-2014-2021 describes a persistent cross-site scripting (XSS) vulnerability in vBulletin’s AdminCP/ApiLog via the XMLRPC API. Affected products are vBulletin 4.x and 5.x (to date), with testing/verification noting versions up to 4.2.2 and 5.0.x, including 5.0.5. The root cause is improper sanit...

CVSS 3.5 · AI score 7 · EPSS 0.03389
Exploits: 4 · References: 7 · Affected Software: 1