IBM API Connect Input Validation Error Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect. An attacker could exploit thi...

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...

CVE-2018-20905

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction SEC-429...

The vulnerability of the REST API interface of the Cisco Vision Dynamic Signage Director system allows a hacker to bypass authentication procedures and execute arbitrary code with administrator privileges.

The vulnerability of the REST API interface of the Cisco Vision Dynamic Signage Director system is related to errors in handling HTTP requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code with administrator privileges using...

UBUNTU-CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

The vulnerability of D-Link DIR-823G router’s microprogram code, related to access control errors, allows a hacker to intercept the DNS service configuration.

The vulnerability of D-Link DIR-823G router’s microprogram code is related to access control errors. Exploiting this vulnerability allows a malicious actor to intercept DNS service configurations through the API interface using the SetWanSettings function...

CVE-2019-12869

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...

Remote code execution

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Confi...

CVE-2019-12871

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...

libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients

It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...

CVE-2019-1906

A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure PI could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could...

DEBIAN-CVE-2018-18839

An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional...

Unspecified Vulnerability in Google API C++ Client

Google API C++ Client is a C++-based Google API client library from Google USA. An unspecified vulnerability exists in versions of Google API C++ Client prior to 2019-04-10. An attacker can exploit this vulnerability to cause a denial of service...

The vulnerability of the Elastic Services Controller’s network management mechanism, related to errors in API request validation, allows a perpetrator to bypass authentication procedures and execute arbitrary code.

The vulnerability of the Elastic Services Controller’s network management interface is related to errors in checking API requests. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and execute arbitrary code by sending a specially crafted request to the RE...

Blogifier design flaws

Blogifier is a lightweight open source blog system written using ASP.NET Core . Blogifier 2.3 prior to 2019-05-11 fails to restrict the API properly, as shown by the lack of a check in the pathname for... The check shown in the...

rubygems: Escape sequence injection vulnerability in API response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

rubygems: Escape sequence injection vulnerability in gem owner

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

Zyxel NAS 326 eval injection vulnerability

Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. An eval injection vulnerability exists in the Python web server routing in Zyxel NAS 326 5.21 and earlier versions. A remote authenticated attacker can exploit this vulnerability to execute arbitrary code via the...

PT-2019-19434 · Nagios · Nagios Xi +1

Name of the Vulnerable Software and Affected Versions: Nagios IM versions prior to 2.2.7 Description: The issue allows for authorization bypass in Nagios IM, a component of Nagios XI, enabling the closure of incidents via the API. Recommendations: For versions prior to 2.2.7, update to version...