api.catalufa.net Cross Site Scripting vulnerability OBB-1454401
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Imperva A Seven-Time Magic Quadrant Leader and Named Highest for Completeness of Vision for WAF
Gartner has published its 2020 Gartner Magic Quadrant for Web Application Firewalls (WAF) and Imperva has been named a Leader for the seventh consecutive year! It’s rare to be a part of defining a market and even less common to lead that market through a fundamental shift. Leading the market throug...
CVE-2020-15269
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...
a.api.muchbetter.com Cross Site Scripting vulnerability OBB-1416279
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
What's Next in Security
Whenever we talk about what's next for Akamai's security portfolio, we clearly want to look at the challenges that are top of mind for our customers -- both today and tomorrow. And what a year 2020 has shaped up to be in terms of new challenges for CISOs and their security teams. While most of ou...
API Discovery and Profiling -- Visibility to Protection
APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...
Providing Security and Acceleration of Single Page Applications
HTTP/2 + gRPC and protobuf Today many digital transformation and DevOps teams have been tasked with building applications that will enhance their customer’s digital experience. The goal, to make the user experience smoother, faster and less impeded by transactional and security controls, is a cor...
Exposed API
apollo-core does not provide secure access controls to the APIs. When exposed to the Internet, the lack of access controls allow any remote user to access and edit the application's configuration...
CVE-2020-26525
Damstra Smart Asset 2020.7 is affected by SQL injection in the originator parameter of the API/Asset endpoint. The root cause is an SQL injection vulnerability that can cause the database and server to initiate remote connections to third-party DNS servers. This CVE (CVE-2020-26525) is documented ...
Cross-Site Request Forgery (CSRF)
cfme-gemset is vulnerable to cross-site request forgery (CSRF). Lack of authenticity verification of requests in the API notifications allows an attacker to submit requests on behalf of an authenticated user...
Cloud-y, with a chance of hacking all the wireless things
Grandstream are a provider of IP video and voice services, as well as Wi-Fi and other related services and equipment. Their products are sold in over 150 countries and they have offices around the globe. We were having a look at their GWN.Cloud management platform, used for remote device and...
api.skiline.cc Cross Site Scripting vulnerability OBB-1370051
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
api.chemchart.com Cross Site Scripting vulnerability OBB-1369645
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-15374
CVE-2020-15374 affects Brocade Fabric OS Rest API implementations. The REST API in Brocade Fabric OS versions 8.2.1 through 8.2.1d and 8.2.2 before 8.2.2c is vulnerable to multiple instances of reflected input, as described in advisory material. Impact is indicated as high/critical in related CVS...
api.iternio.com Improper Access Control vulnerability OBB-1350126
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...
api.m2msuite.com Cross Site Scripting vulnerability OBB-1318098
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
api.shoyo.io Cross Site Scripting vulnerability OBB-1307692
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
api.awarego.com Cross Site Scripting vulnerability OBB-1285487
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2020-3519
Cisco Data Center Network Manager (DCNM) is affected by a REST API path-traversal vulnerability due to insufficient input validation. An authenticated, remote attacker could craft requests to the API and overwrite arbitrary files on affected devices. Public documentation references guidance that ...