The vulnerability of the Apache HTTP Server web server allows attackers to circumvent existing access restrictions.

The vulnerability of the apsomeauthrequired function in the server/request.c component of the Apache HTTP Server is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions due to the...

The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent access restrictions

The vulnerability of the Adobe Reader DC PDF viewer program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...

Cisco Access Control Server Remote Denial of Service Vulnerability

The Cisco Secure Access Control System is the access policy control platform. A remote denial of service vulnerability exists in the REST API in Cisco Access Control Server ACS version 5.5 0.46.2, which can be exploited by a remote attacker to cause a denial of service by sending numerous request...

Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer REST application programming interface API of the Cisco Access Control Server ACS could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to how the ACS REST API handles increased...

foreman-proxy: failure to verify SSL certificates

It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...

Cisco WebEx Meetings Server Authentication Bypass Vulnerability

Cisco WebEx Meetings are web conferencing solutions. An authentication bypass vulnerability in the play/modules component in Cisco WebEx Meetings Server allows remote attackers to gain administrator privileges via a crafted API request...

CVE-2014-1996

Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call...

Cybozu Garoon 3 API access restriction bypass vulnerability

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability CWE-264 when using Garoon APIs. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code. Solution Update the Software Update to the latest...

UBUNTU-CVE-2014-1736

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value...

DEBIAN-CVE-2014-0167

The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for 1 addrules, 2 removerules, 3 destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...

PT-2014-3512 · Openstack +1 · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2013.1 through 2013.2.3 OpenStack Compute Nova icehouse before icehouse-rc2 Description: The issue concerns the Nova EC2 API security group implementation, which fails to enforce Role-Based Access Control RBAC...

foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation

app/controllers/api/v1/hostscontroller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...

Scientific Linux Security Update : perl-DBD-Pg on SL5.x, SL6.x i386/x86_64 (20120725)

Perl DBI is a database access Application Programming Interface API for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially crafted database warning or error message from a server could cause...

RedHat Update for perl-DBD-Pg RHSA-2012:1116-01

Check for the Version of perl-DBD-Pg OpenVAS Vulnerability Test RedHat Update for perl-DBD-Pg RHSA-2012:1116-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

PT-2011-2779 · Cisco · Ciscoworks Common Services

Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Services versions 3.3 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the device parameter in the cwhp/device.center.do API endpoint in t...

Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

VMware VIX API Multiple Buffer Overflow Vulnerabilities

VMware VIX, an application programming interface to manipulate virtual machines is installed on the remote host. The installed version of VMware VIX API is affected by multiple buffer overflow vulnerabilities. Successful exploitation of these issues could allow arbitrary code execution on the hos...

Microsoft Windows Speech Components sapi.dll Code Execution (MS08-032; CVE-2007-0675)

The ActiveX Speech Components sapi.dll is part of the Microsoft Speech Application Programming Interface SAPI that allows the use of speech recognition and speech synthesis within Windows applications. A remote code execution vulnerability has been reported in the ActiveX Speech Components...

Joomla 1.0.12 CMS - Session fixation Issue in backend Administration interface

==================================================================================== Team Intell Security Advisory TISA2007-03 ------------------------------------------------------------------------------------ Joomla 1.0.12 CMS - Session fixation Issue in backend Administration interface...

Microsoft Security Bulletin MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

Microsoft Security Bulletin MS05-040 Vulnerability in Telephony Service Could Allow Remote Code Execution 893756 Issued: August 9, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...