966 matches found
api-pietrowice.hekko24.pl Cross Site Scripting vulnerability OBB-3012866
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Privilege escalation
An arbitrary file upload vulnerability in the apiImportLabs function in apilabs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file...
Gain Control of Rapidly Securing Your Critical APIs Without Worrying About Your Backend Stack
Imagine trying to protect your web application farm, while needing to integrate with all the different web servers backend stacks on a one-to-one basis. This requires a WAF that understands systems such as Nginx, Apache, IIS, and Tomcat. You will effectively start a project that will never end du...
Out with the WAF, in with the WAAP
Advanced attacks call for advanced protection Bad actors are constantly discovering new attack vectors to exploit applications. To meet the threat, organizations need enterprise-level security more now than ever. Traditionally, implementing a Web Application Firewall WAF would be enough to secure...
PT-2022-16257 · Wisa · Smart Wing Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue could allow a remote attacker to execute remote commands due to improper validation of parameters of certain API constructors. Remote attacke...
CVE-2022-39308
GoCD versions 19.2.0–19.10.0 are vulnerable to a timing-attack in access token validation due to non–constant-time string comparison, potentially enabling brute-forcing of API tokens. The issue is fixed in GoCD 19.11.0. Workarounds include rate limiting or introducing random delays at the GoCD se...
CVE-2022-2828
In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference IDOR vulnerability...
Double free
ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...
Want More Secure Software? Start Recognizing Security-Skilled Developers
Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by th...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
At Kong Summit 2022, Imperva Will Demonstrate how to Use Terraform to Onboard Kong-managed Apps and Discover API Endpoints
Imperva and Kong are working together to simplify APIs Imperva is attending Kong’s 2022 Summit on September 28 and 29 in San Francisco. Imperva’s Summit booth will feature both a recorded and live demo built to showcase how Kong and Imperva seamlessly integrate using Terraform. Imperva, a...
CVE-2022-39217 Improper Neutralization of Formula Elements in a CSV File in ghas-to-csv
some-natalie/ghas-to-csv GitHub Advanced Security to CSV is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom...
api.arcadier.com Cross Site Scripting vulnerability OBB-2922127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-37190
CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php...
api.bg Cross Site Scripting vulnerability OBB-2911991
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
What’s most important for a CISO in API security?
As threats to networks and systems have changed, so have CISOs’ priorities. API security has grown more important with everything as a service and in the cloud. Todays CISOs must ensure they have a plan for protecting APIs. To learn what’s most crucial when protecting APIs, we surveyed CISOs and...
Integrating API Security and WAF into K8s Kong API Gateway
Article by Jiju Jacob, Director of Engineering at Revenera This is an update of Mr. Jacobs’ 05/23 post in his Medium blog. He is a Director of Engineering at Revenera. Revenera, born as InstallShield and now a Flexera company, helps software and technology companies use open source solutions more...
U.S. Dept Of Defense: Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"
Hi Hackerone Triage team, I'm new in this program, what i understood that every Web Owned/Operated by DoD is in scope , so i did some google searches , exactly in wikipedia and i've find this PNG that confirms that U.S Air Force is in scope :...
Imperva Boosts Connectivity with New PoP in Manila
We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...
What are JWT Injections, and Why do You Need to Know About Them
JSON Web Tokens JWTs for short are the new standard for transmitting identity information in the digital age. JWTs are JSON objects that act as an identifier for your user or application. They’re used to authenticate users and securely transmit secrets as part of an API, application, or service...