DEBIAN-CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3...
ludovox.fr XSS vulnerability
Vulnerable URL: http://ludovox.fr/wp-content/plugins/ldvx-profile/api.php?container=no=Publication=listname=shanouillette=%22/%3E%3CsvG/onLoad=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.12.2017 Vulnerability type:| XSS Vulnerability status...
data.qld.gov.au XSS vulnerability
Vulnerable URL: https://data.qld.gov.au/api/1/util/snippet/apiinfo.html?resourceid=e88943c0-5968-4972-a15f-38e120d72ec0rooturl=javascript:alert/OPENBUGBOUNTY/// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.12.2017 Vulnerability type:| XSS Vulnerability status:|...
CVE-2015-2750
CVE-2015-2750 is an open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 that allows remote attackers to redirect users to arbitrary sites and facilitate phishing via the // sequence. The issue affects Drupal’s URL-related API functions; there is no exploitation detail in the...
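The open-redirect cases above (the `rooturl=javascript:` entry and the Drupal `//` sequence) share one root cause: a "redirect to this URL after the action" parameter that is checked for a scheme but not for the other ways a browser can be sent off-site. The validator below is an added example written for this page, not Drupal's code or any project's API; function names and the fallback path are my own choices. It rejects full URLs, `javascript:` and similar schemes, protocol-relative `//` targets, backslash variants that browsers normalise to `//`, and percent-encoded forms of all of these, and accepts only an absolute path on the current site.

```python
from urllib.parse import unquote, urlsplit

# Prefixes that browsers treat as "go to another host" even though they carry
# no scheme: protocol-relative "//" and the backslash forms that some browsers
# normalise to "//" (the Drupal advisory's "//" sequence is the first of these).
_OFFSITE_PREFIXES = ("//", "/\\", "\\\\", "\\/")


def is_local_url(target: str) -> bool:
    """Return True only if `target` is an absolute path on the current site.

    Rejects full URLs, scheme-only strings such as "javascript:alert(1)",
    protocol-relative URLs such as "//evil.example", and the percent-encoded
    and backslash variants of those.
    """
    if not isinstance(target, str) or not target:
        return False
    # Decode once so that "%2F%2Fevil.example" cannot slip past the prefix
    # check and be decoded later by the browser or a downstream layer.
    t = unquote(target).strip()
    # Browsers strip tab/newline before scheme parsing, so "java\tscript:"
    # would otherwise look like a harmless relative path here.
    if any(ord(c) < 0x20 for c in t):
        return False
    if t.startswith(_OFFSITE_PREFIXES):
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        return False
    return t.startswith("/")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return `target` if it is a local path, otherwise the (hypothetical) fallback."""
    return target if is_local_url(target) else fallback


if __name__ == "__main__":
    for candidate in ("/user/login", "//evil.example/phish", "%2F%2Fevil.example",
                      "/\\evil.example", "javascript:alert(1)", "https://evil.example/"):
        print("%-28s -> %s" % (candidate, safe_redirect_target(candidate)))
```

The check is deliberately an allow-list (must start with a single `/`, must have no scheme or host after one round of decoding) rather than a deny-list of known-bad prefixes; the `_OFFSITE_PREFIXES` tuple only exists to make the rejected shapes explicit.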
Syntribos: An Open Source API Security Testing Tool
PenTestIT RSS Feed Web application security testing is a multi-faceted yet important domain today. A few years ago, it was only the front end security tests and then came the backend. As newer endpoints are being exposed, it becomes imperative to test their security too. Syntribos is one suc...
api.kostprice.com XSS vulnerability
Open Bug Bounty ID: OBB-276493 Description| Value ---|--- Affected Website:| api.kostprice.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
api.lcc.org XSS vulnerability
Vulnerable URL: http://api.lcc.org/resources/stewardship/MemberRegisterpg.asp?afterbanquet=1/-///'/"//--...
Join Wallarm at ISSA’s Cornerstones of Trust event on June 20th
Next week, the local chapter of the Information Systems Security Association (check them out at http://www.sv-issa.org) is organizing a focused security conference looking into the issues of securing end users, enterprise technologies and security processes. Come meet Wallarm to learn about trends and best...
api.bounceexchange.com XSS vulnerability
Vulnerable URL: https://api.bounceexchange.com/capture/submit?callback=%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 04.10.2017 Latest check for patch:| 04.10.2017 15:54 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
CVE-2016-6335
CVE-2016-6335 affects MediaWiki: versions prior to 1.23.15, 1.26.x prior to 1.26.4, and 1.27.x prior to 1.27.1. The vulnerability allows remote attackers to obtain sensitive information via a parse action to api.php due to failure to generate head items in the context of a given title. Impact is ...
CVE-2017-7283
CVE-2017-7283 affects Unitrends Enterprise Backup prior to 9.1.2. An authenticated user can trigger arbitrary OS command execution by supplying a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. The NVD data...
Kong and Wallarm Partner Up to Boost Microservices API Security
Wallarm has partnered with Mashape to provide the microservices community with API security. Mashape enterprise customers who use the Kong API gateway can now quickly add API security protection without changing the Kong user's deployment. Read more about the Kong and Wallarm partnership in this blog. Today...
math.js remote code execution vulnerability
This article explains in short how we found, exploited and reported a remote code execution (RCE) vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery While playing around with a wrapper of the math.js API...
Shellcode programming: parsing API addresses in memory - vulnerability warning - the black bar safety net
On Windows, all position-independent code (PIC) depends on resolving API function addresses at run time. It is a very important task. Here I introduce two popular methods: using the import address table (IAT), and using the export address table (EAT), which is by far the most stable method...
Showmax: Changing details of other users profile using UUID (IDOR)
The access token uniquely maps to a particular user record, which is then the only one accessible to the user when making API calls. The issue arose when an intermediate service used a service token to update the user record. That allowed accessing the details of a user other than the one the current access token belongs...
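The IDOR pattern in that report, modelled as an added example for this page (not Showmax's code, and no claim about their actual architecture): a gateway resolves the caller from the access token, but then calls the backend with its own service token and the client-supplied UUID. Because the backend trusts the service token for any record, the caller can edit any user. The fixed version forwards the identity resolved from the access token and makes the backend authorise on that identity. Names, the `Token` type, and the sample UUIDs are my constructions.

```python
from dataclasses import dataclass
from typing import Callable, Optional


class Forbidden(Exception):
    """Raised when a caller is not allowed to touch the requested record."""


@dataclass(frozen=True)
class Token:
    kind: str                      # "user" (an access token) or "service"
    user_id: Optional[str] = None  # a user token is bound to exactly one user record


# Constructed sample data: two user records keyed by (made-up) UUIDs.
USERS = {
    "11111111-1111-4111-8111-111111111111": {"name": "alice", "email": "alice@example.invalid"},
    "22222222-2222-4222-8222-222222222222": {"name": "bob", "email": "bob@example.invalid"},
}
SERVICE_TOKEN = Token(kind="service")


def fresh_users() -> dict:
    """Independent copy of the sample store so each scenario starts clean."""
    return {uuid: dict(record) for uuid, record in USERS.items()}


def backend_update_vulnerable(users, token, target_uuid, changes):
    """Backend as described in the report: a service token may touch any record,
    so whoever can make the intermediate service call this with a chosen UUID
    can edit any user."""
    if token.kind == "service" or token.user_id == target_uuid:
        users[target_uuid].update(changes)
        return users[target_uuid]
    raise Forbidden("token not bound to this record")


def gateway_update_vulnerable(users, access_token, target_uuid, changes):
    """Intermediate service swaps the caller's access token for its own service
    token and forwards the client-supplied UUID unchanged: this is the IDOR."""
    if access_token.kind != "user":
        raise Forbidden("access token required")
    return backend_update_vulnerable(users, SERVICE_TOKEN, target_uuid, changes)


def backend_update_fixed(users, token, target_uuid, changes, on_behalf_of=None):
    """Fixed backend: authorisation is decided on the end-user identity. A user
    token carries it; a service token must state it and it must match the record."""
    acting_user = token.user_id if token.kind == "user" else on_behalf_of
    if acting_user is None or acting_user != target_uuid:
        raise Forbidden("not the owner of this record")
    users[target_uuid].update(changes)
    return users[target_uuid]


def gateway_update_fixed(users, access_token, target_uuid, changes):
    """Fixed gateway: the identity resolved from the access token travels with
    the request, so the backend can reject a UUID the caller does not own."""
    if access_token.kind != "user":
        raise Forbidden("access token required")
    return backend_update_fixed(users, SERVICE_TOKEN, target_uuid, changes,
                                on_behalf_of=access_token.user_id)


def is_blocked(fn: Callable, *args, **kwargs) -> bool:
    """True if the call is refused with Forbidden (helper for checking scenarios)."""
    try:
        fn(*args, **kwargs)
    except Forbidden:
        return True
    return False
```

The point of the fix is not "check the UUID harder" at the gateway; it is that the backend never accepts a service token as proof that the end user owns the record. Propagating the resolved user identity (here as `on_behalf_of`) is what makes that check possible.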
api.boomtrain.com Open Redirect vulnerability
Vulnerable URL: https://api.boomtrain.com/ct?url=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status...
api.successfn.com XSS vulnerability
Vulnerable URL: http://api.successfn.com/getDjNews.php?jsoncallback=prompt/OPENBUGBOUNTY/...
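The two JSONP entries above (`callback=<script>…</script>` and `jsoncallback=prompt/OPENBUGBOUNTY/`) are the same bug: the callback name is reflected into the response body verbatim. Below is an added example for this page, not code from either site, showing the reflecting version next to a hardened one; the regex, length limit and helper names are my choices. The hardened version accepts only a dotted chain of JavaScript identifiers, serves the result as `application/javascript` with `nosniff`, and prefixes `/**/` so a callback chosen to look like a Flash header cannot be interpreted as one.

```python
import json
import re

# A callback is accepted only if it is a dotted chain of JavaScript identifiers
# (e.g. "jQuery17_cb" or "window.App.onData"). Angle brackets, parentheses,
# quotes, slashes and whitespace never match, so the reflected value can never
# open a script tag or call a function of its own.
_CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
_MAX_CALLBACK_LEN = 64


def vulnerable_jsonp(callback: str, payload: dict) -> str:
    """The pattern behind the reports above: the callback name goes into the
    body unchanged, so "<script>alert(1)</script>" is returned as markup."""
    return "%s(%s);" % (callback, json.dumps(payload))


def safe_jsonp(callback, payload: dict):
    """Return (status, headers, body) for a JSONP response with a validated callback.

    No callback: plain JSON. Invalid callback: 400 with a JSON error, never a
    reflection of the bad value. Valid callback: script with a /**/ prefix.
    """
    # ensure_ascii (the default) also escapes U+2028/U+2029, which are line
    # terminators in JavaScript but not in JSON.
    body_json = json.dumps(payload)
    headers = {"X-Content-Type-Options": "nosniff"}
    if callback is None:
        headers["Content-Type"] = "application/json; charset=utf-8"
        return 200, headers, body_json
    if len(callback) > _MAX_CALLBACK_LEN or not _CALLBACK_RE.match(callback):
        headers["Content-Type"] = "application/json; charset=utf-8"
        return 400, headers, json.dumps({"error": "invalid callback name"})
    # Declared as script, never text/html; nosniff stops browsers from
    # second-guessing the type. The leading comment defeats the "Rosetta
    # Flash" trick of choosing a callback that doubles as a valid SWF header.
    headers["Content-Type"] = "application/javascript; charset=utf-8"
    return 200, headers, "/**/%s(%s);" % (callback, body_json)


if __name__ == "__main__":
    sample = {"status": "ok", "items": [1, 2, 3]}  # constructed payload
    print(vulnerable_jsonp("<script>alert('OPENBUGBOUNTY')</script>", sample))
    for cb in ("jQuery17_cb", "window.App.onData", "prompt/OPENBUGBOUNTY/", None):
        print(cb, safe_jsonp(cb, sample))
```

Rejecting rather than "cleaning" a bad callback is deliberate: stripping characters produces a different name than the client asked for, and the client-side script will then fail in a way that looks like a server bug rather than an attack.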
api.skiline.cc XSS vulnerability
Vulnerable URL: http://api.skiline.cc/widgets/index.php?lang=no" Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 23:38 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
Fedora 22 : mediawiki (2015-122a831a05)
T94116 SECURITY: Compare API watchlist token in constant time - T97391 SECURITY: Escape error message strings in thumb.php - T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions - T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of...
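The first item in that changelog, comparing the API watchlist token in constant time, is about a leak rather than a bypass: an early-exit comparison stops at the first wrong byte, so how long it takes tells a remote caller how many leading bytes of their guess were right. The block below is an added example for this page, not MediaWiki's code; it counts bytes examined as a stand-in for elapsed time so the leak is visible without timing measurements, and shows the standard-library call a server should actually use. Function names and the sample tokens are my own.

```python
import hmac
import secrets


def naive_compare(expected: bytes, provided: bytes, work: list) -> bool:
    """Early-exit comparison. `work[0]` counts the bytes examined, which stands
    in for the time an attacker measures: it grows with the length of the
    correct prefix of `provided`, so the secret can be recovered byte by byte."""
    if len(expected) != len(provided):
        return False
    for x, y in zip(expected, provided):
        work[0] += 1
        if x != y:
            return False
    return True


def constant_time_compare(expected: bytes, provided: bytes, work: list) -> bool:
    """Examine every byte regardless of where the first mismatch is, so the
    work done (and the time taken) does not depend on the guess. The OR of
    all XORs is zero only when every byte matched."""
    if len(expected) != len(provided):
        return False
    diff = 0
    for x, y in zip(expected, provided):
        work[0] += 1
        diff |= x ^ y
    return diff == 0


def bytes_examined(compare, expected: bytes, provided: bytes) -> int:
    """How many bytes `compare` looked at for this (expected, provided) pair."""
    work = [0]
    compare(expected, provided, work)
    return work[0]


def new_token(nbytes: int = 32) -> str:
    """A watchlist-style token: random bytes from the OS CSPRNG, hex encoded."""
    return secrets.token_hex(nbytes)


def check_token(expected_token: str, provided_token: str) -> bool:
    """What production code should use: the standard library's constant-time
    comparison. Both sides are encoded to bytes so the lengths are compared in
    the same units; compare_digest returns False (still in constant time for
    equal lengths) rather than raising when they differ."""
    return hmac.compare_digest(expected_token.encode(), provided_token.encode())


if __name__ == "__main__":
    secret = b"a" * 32                    # constructed secret
    for guess in (b"b" + b"a" * 31, b"a" * 31 + b"b"):
        print("naive:", bytes_examined(naive_compare, secret, guess),
              "constant-time:", bytes_examined(constant_time_compare, secret, guess))
```

The hand-written loop is there to show the shape of the fix (accumulate differences, never branch on them); in real code use `hmac.compare_digest`, which also avoids the Python-level branching a loop still has.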
Swagger remote code execution vulnerability via parameter injection
Source: R7-2016-06 This disclosure will address a class of vulnerabilities in a Swagger Code Generator in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS, PHP, Ruby, and Java and probably other languages as well. Othe...