966 matches found
CVE-2018-16048
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...
CVE-2018-17049
CVE-2018-17049 affects CQU-LANKERS up to 2017-11-02. Vulnerability: cross-site scripting (XSS) via the public/api.php callback parameter in the uploadpic action. Root cause: unsanitized callback parameter leading to script injection. Impact: enables injection of client-side scripts (as documented...
Wallarm Kubernetes Ingress Controller
Kubernetes is a popular technology which aims to improve how containers, microservices and other distributed components are managed across varied infrastructure. Since it was first announced by Google in 2014, it has grown in adoption and is now one of the leading systems for automated deployment...
X (Formerly Twitter): Access MoPub Reports Data even after Company removed you from their MoPub Account.
Description + Attacking approach. API Workflow: - The MoPub Reporting API supports two separate CSV outputs where publishers can retrieve inventory or campaign performance data. - Publishers can retrieve daily reports by making a GET request using the request parameters. - This URL will return a...
Authentication flaw
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...
CVE-2018-15598
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable...
Microsoft Bounty Program Offers Payouts for Identity Service Bugs
Microsoft has lifted the curtain on a new bug-bounty program, offering payouts as high as $100,000 for holes in identity services and implementations of the OpenID standard. The bounty program touches on Microsoft’s array of digital identity solutions, which tout strong authentication, secure...
Building an Effective API Security Strategy: Easy If You Have the Right Tools
In their approach to application programming interface (API) security, organizations exposing web APIs must balance ease of access with control. Like the bank robber attacking banks because "that's where the money is," the use of APIs to provide access to applications and to business-critical data...
Key Considerations in API security
Every day, there are billions of API calls being executed. These include public APIs, private APIs, SaaS APIs, APIs performing mobile back-end functions and many more. Given the gravity of the threat and the sheer volume of what’s exposed, how do we develop systems that are both safe and robust?...
CVE-2018-12716
The CVE-2018-12716 entry describes an API service vulnerability in Google Home and Chromecast devices prior to mid-July 2018. The issue allows DNS rebinding to read scan_results JSON data and extract BSSID fields, enabling remote readers on the local network to determine the user’s physical locat...
index.bithumb.com XSS vulnerability
Open Bug Bounty ID: OBB-633887. Affected Website: index.bithumb.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
api.pmi.ky XSS vulnerability
Open Bug Bounty ID: OBB-632966. Affected Website: api.pmi.ky; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
Totally Pwning the Tapplock (the API way)
An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism; however, he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users' PII and home addresses. Read his...
api.dar.fm XSS vulnerability
Open Bug Bounty ID: OBB-624753. Affected Website: api.dar.fm; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
api.gameallianz.com XSS vulnerability
Open Bug Bounty ID: OBB-622635. Affected Website: api.gameallianz.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
api.raboag.com XSS vulnerability
Open Bug Bounty ID: OBB-617880. Affected Website: api.raboag.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
api.trustyou.com XSS vulnerability
Open Bug Bounty ID: OBB-613446. Affected Website: api.trustyou.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
api.autopilothq.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-598302. Affected Website: api.autopilothq.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4...
CVE-2018-6586
CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing...
api.betaout.com XSS vulnerability
Open Bug Bounty ID: OBB-579754. Affected Website: api.betaout.com; Open Bug Bounty Program: Not created yet; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)...