405 matches found
CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...
Cross site request forgery (csrf)
The external node classifier ENC API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request...
CVE-2013-6391
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...
Cross site request forgery (csrf)
app/controllers/api/v1/hostscontroller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...
VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
VMware Security Advisory. Advisory ID: VMSA-2012-0016. Synopsis: VMware security updates for vSphere API and ESX Service Console. Issue date:...