499 matches found
CVE-2018-0245
A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...
Mail.ru: [3k.mail.ru] - Content spoofing
Text content spoofing protection bypass within the application interface in 3k.mail.ru. Text-only content spoofing reports are usually not accepted. This report was triaged because the application had protection which was bypassed by the researcher. 3k.mail.ru is not in bug bounty scope...
NetApp OnCommand API Services Information Disclosure Vulnerability
NetApp OnCommand API Services is a set of API management tools from the US company NetApp. An information disclosure vulnerability exists in versions of NetApp OnCommand API Services prior to 1.2P3. A remote attacker could exploit this vulnerability to obtain sensitive information...
Rancher Server Security Bypass Vulnerability
Rancher Server is an open source platform for Docker that integrates native Docker management features such as Docker Machine and Docker Swarm. A security vulnerability exists in Rancher Server version 1.2.0+. An attacker can exploit the vulnerability to disable access control with the help of AP...
CVE-2016-4594
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call...
A vulnerability in the Google Chrome browser allows a malicious actor to trigger a service failure.
The integer overflow in api.cc in Google V8 for Google Chrome allows malicious actors operating remotely to cause service failures or otherwise affect the system, by exploiting the large value of a variable...
Atlassian Bamboo Ignite Realtime Smack XMPP API Arbitrary Code Execution Vulnerability
Atlassian Bamboo is a set of continuous integration build tools from Atlassian Australia. A security vulnerability in the Ignite Realtime Smack XMPP API used in Atlassian Bamboo versions prior to 5.9.9 and 5.10.x prior to 5.10.0 can be exploited by remote attackers to execute arbitrary Java code...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to gain access to read data or modify data.
The vulnerability of the application interface of IBM WebSphere Portal servers exists due to the lack of measures to eliminate special elements in LDAP requests in the LDAP implementation. Exploiting this vulnerability allows a malicious actor to gain access to read data or modify data remotely...
The vulnerability of the application interface of the IBM WebSphere Portal server allows a hacker to modify elements of the content.
The vulnerability of the application interface of the IBM WebSphere Portal server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to remotely modify content elements using the application interface...
RabbitMQ: /api/... XSS vulnerability
A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...
Newphoria Photon Application Authentication Bypass Vulnerability
Newphoria Photon for Android is a suite of lighting applications based on the Android platform from the Japanese company Newphoria. A security restriction bypass vulnerability exists in the Newphoria Photon application. It allows attackers to bypass URL whitelisting protection mechanisms and gain...
The vulnerability of the Acrobat text viewing program allows a violator to circumvent access restrictions.
The vulnerability of the Acrobat text viewing program arises when using the JavaScript API, and it could allow a malicious actor to circumvent current access control regulations remotely...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
MS-DOS: Arbitrary command execution in MS-DOS
Versions 1.1 and 2.0 of MS-DOS allow a malicious actor to execute arbitrary system commands via the main application interface. Prerequisites: MS-DOS 1.1 or MS-DOS 2.0 installation; input device, e.g. keyboard. Steps to reproduce: Enter the command mode. Type VER to make sure that the system is on of...
Buffer overflow
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343...
CVE-2013-5532
The CVE-2013-5532 case affects Cisco 9900 Series IP phones. The issue is a buffer overflow in the web-application interface caused by insufficient validation of certain input fields, allowing remote attackers to trigger a denial of service (webapp interface outage). Reported by Cisco and Red Hat ...
CVE-2013-5532
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343...
CVE-2010-3684
The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453...
CVE-2010-3684
CVE-2010-3684 concerns the FTP authentication module in Synology Disk Station 2.x, where passwords are logged to the web interface during incorrect login attempts. This behavior allows local users to read sensitive credentials from the log, and is noted as a different issue from CVE-2010-2453. Co...