Lucene search

84 matches found

CNNVD
added 2022/11/01 12:00 a.m., 3 views

IBAX go-ibax SQL injection vulnerability

IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that stems from unknown functionality in the file /api/v2/open/tablesInfo, where manipulation of the parameter callbacks leads to SQL injection...

CVSS 8.8, AI score 7.9, EPSS 0.0056
Exploits 0, References 3
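The SQL injection class the CNNVD entry describes, as an added example that is not go-ibax code: the real handler is Go and the page does not show how `callbacks` reaches the query, so the table name, column names and handler shape below are hypothetical and the rows are constructed sample data. The vulnerable and the fixed variant differ only in how the request value reaches the statement.

```python
import sqlite3


def _catalogue() -> sqlite3.Connection:
    # Constructed sample data standing in for a table-metadata catalogue.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tables_info (name TEXT, columns TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO tables_info VALUES (?, ?, ?)",
        [("keys", "id,pub,amount", 1), ("members", "id,role", 1), ("secrets", "id,blob", 0)],
    )
    return conn


def tables_info_vulnerable(callbacks: str) -> list:
    # The request value is pasted into the statement text, so the caller
    # controls SQL syntax, not just a compared value.
    sql = ("SELECT name, columns FROM tables_info WHERE public = 1 AND name = '"
           + callbacks + "'")
    return _catalogue().execute(sql).fetchall()


def tables_info_fixed(callbacks: str) -> list:
    # Same query with a bound parameter: the value is only ever compared
    # against `name` and cannot change the statement's structure.
    sql = "SELECT name, columns FROM tables_info WHERE public = 1 AND name = ?"
    return _catalogue().execute(sql, (callbacks,)).fetchall()


# Constructed payload: closes the string literal, ORs in a tautology and
# comments out the trailing quote, so the `public = 1` filter no longer applies.
PAYLOAD = "x' OR 1=1 --"

if __name__ == "__main__":
    print(tables_info_vulnerable("keys"))   # the one matching public table
    print(tables_info_vulnerable(PAYLOAD))  # all three rows, the non-public one included
    print(tables_info_fixed(PAYLOAD))       # [] : the payload is just an unmatched name
```

The `?` placeholder is sqlite3's; a Go handler using database/sql would pass the value as a query argument in the same way. The test of the fix is not that the payload is "filtered" but that it is compared as data and matches nothing.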
IBM Security Bulletins
added 2022/10/07 4:01 p.m., 30 views

Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)

Summary: There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with the mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...

CVSS 6.1, AI score 5.5, EPSS 0.42326
Exploits 4, Affected Software 1
Rapid7 Blog
added 2022/01/14 7:00 p.m., 17 views

7Rapid Questions: Stephen Donnelly

At Rapid7, there's no shortage of passionate leaders looking to challenge convention and make an impact. Our "7Rapid Questions" series is a way to highlight some of the amazing work taking place behind the scenes, and the exciting growth opportunities available in our global offices. For this...

Exploits 0
PyPA
added 2020/08/14 5:15 p.m., 4 views

PYSEC-2020-71

In openapi-python-client before version 0.5.3, clients generated from a maliciously crafted OpenAPI document can contain arbitrary Python code. Subsequent execution of such a client is arbitrary code execution...

CVSS 9, AI score 7.6, EPSS 0.0158
Exploits 0, References 4, Affected Software 1
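The openapi-python-client bug class above, as an added example that is not the project's code or template: a hypothetical generator splices the spec's `info.title` and an `operationId` into Python source, first by plain interpolation and then with `repr()` for string literals and identifier validation for names. The spec is constructed; the unsafe output is only parsed with `ast`, never executed.

```python
import ast
import keyword

# Constructed spec: the title closes the double-quoted literal the unsafe
# template wraps it in, then continues as statements of its own.
HOSTILE_SPEC = {
    "info": {"title": 'pets"; import os; os.system("id"); x = "', "version": "1"},
    "paths": {"/pets": {"get": {"operationId": "list_pets"}}},
}


def _first_operation_id(spec: dict) -> str:
    for methods in spec["paths"].values():
        for op in methods.values():
            return op["operationId"]
    raise ValueError("spec has no operations")


def render_unsafe(spec: dict) -> str:
    # Plain interpolation: spec strings become source text verbatim.
    title = spec["info"]["title"]
    op = _first_operation_id(spec)
    return f'TITLE = "{title}"\n\ndef {op}():\n    return TITLE\n'


def render_safe(spec: dict) -> str:
    # repr() always yields a literal that round-trips the string exactly;
    # names are checked against Python's identifier rules instead of trusted.
    title = spec["info"]["title"]
    op = _first_operation_id(spec)
    if not op.isidentifier() or keyword.iskeyword(op):
        raise ValueError(f"operationId is not a valid identifier: {op!r}")
    return f"TITLE = {title!r}\n\ndef {op}():\n    return TITLE\n"


def imports_in(source: str) -> list:
    # Parse only (never exec untrusted output) and list every imported module.
    tree = ast.parse(source)
    return [alias.name for node in ast.walk(tree)
            if isinstance(node, (ast.Import, ast.ImportFrom))
            for alias in node.names]


def title_round_trips(spec: dict) -> bool:
    # The safe output is ours, so executing it is fine: TITLE must equal the input.
    ns: dict = {}
    exec(render_safe(spec), ns)
    return ns["TITLE"] == spec["info"]["title"]


def safe_rejects(spec: dict) -> bool:
    try:
        render_safe(spec)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(imports_in(render_unsafe(HOSTILE_SPEC)))  # ['os']: the title became code
    print(imports_in(render_safe(HOSTILE_SPEC)))    # []: the title stayed a string
```

Running the generated client is the attack's second step; the check that matters is therefore on the generator's output, and `ast.parse` of a generated file followed by a walk for statement kinds the template never emits (imports, calls, attribute access) is a cheap regression test for any code generator fed by untrusted specs.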
Imperva Blog
added 2019/08/01 4:00 p.m., 34 views

Stronger Together, Red Hat 3scale Integration

Most enterprises today rely on customers accessing their applications to conduct daily business. These enterprises know by now that application programming interfaces (APIs) are becoming more common than ever before to enable communication between applications and end users. Even though they are...

Exploits 0
Carbon Black Blog
added 2019/04/29 5:30 p.m., 33 views

CB Customer Spotlight: Q&A with Netflix DVD’s Jimmy Sanders

Recently we sat down with Jimmy Sanders, VP of Information Security at Netflix DVD, to talk about his upcoming presentation for CB Connect, Carbon Black’s customer conference. Sanders was one of the headliners at CB Connect 2018, and this year he will be speaking to his peers in the Security...

AI score 6.8
Exploits 0
ThreatPost
added 2019/03/13 4:58 p.m., 40 views

MAGA 'Safe Space' App Developer Threatens Security Researcher

UPDATE: A newly released 63red Safe mobile app that aims to help wary Trump supporters find "safe" and conservative-friendly places to wear Make America Great Again (MAGA) gear turns out to have a host of security issues, according to one researcher. Meanwhile, Scott Wallace, the Oklahoma-based mobi...

AI score 7.5
Exploits 0, References 17
Github Security Blog
added 2018/10/19 4:46 p.m., 38 views

Deserialization of Untrusted Data in swagger-parser

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen <= 2.2.2 and can lead to...

CVSS 8.8, AI score 5.7, EPSS 0.01705
Exploits 0, References 4, Affected Software 2
RedHat Linux
added 2018/10/18 8:14 a.m., 2 views

vertx: API Validation XML Schemas do not forbid file system access

In versions 3.5.Beta1 through 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This mechanism is exercised only when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

CVSS 9.8, AI score 5.8, EPSS 0.02172
Exploits 0, References 4
Hacker One
added 2018/07/23 7:32 a.m., 53 views

WordPress: Open API For Username enumeration

We can do username enumeration. Reproduce: 1. Go to any WordPress site. 2. Type ?author=1 at the end of the site URL: www.site.com/?author=1. 3. You will get www.site.com/author/admin; now admin is the username of the login panel of that site. Thanks, Sameer Phad. Impact -...

AI score 1.1
Exploits 0
Imperva Blog
added 2018/05/11 3:43 p.m., 37 views

Imperva Python SDK – We’re All Consenting SecOps Here

Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...

AI score 0.4
Exploits 0
Prion
added 2017/11/27 3:29 p.m., 16 views

Design/Logic Flaw

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in...

CVSS 6.8, AI score 8.9, EPSS 0.01705
Exploits 0, References 2, Affected Software 2
NVD
added 2017/11/27 3:29 p.m., 25 views

CVE-2017-1000207

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in...

CVSS 8.8, AI score 8.9, EPSS 0.01623
Exploits 0, References 2
Cvelist
added 2017/11/27 3:00 p.m., 27 views

CVE-2017-1000207

A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in...

AI score 8.9, EPSS 0.01705
Exploits 0, References 2
OSV
added 2017/11/17 2:29 a.m., 4 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen <= 2.2.2 and can lead to...

CVSS 8.8, AI score 7.3, EPSS 0.01705
Exploits 0, References 2
NVD
added 2017/11/17 2:29 a.m., 27 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen <= 2.2.2 and can lead to...

CVSS 8.8, AI score 8.9, EPSS 0.01705
Exploits 0, References 2
Prion
added 2017/11/17 2:29 a.m., 17 views

Design/Logic Flaw

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen <= 2.2.2 and can lead to...

CVSS 6.8, AI score 8.9, EPSS 0.01705
Exploits 0, References 2, Affected Software 2
CVE
added 2017/11/17 2:00 a.m., 74 views

CVE-2017-1000208

CVE-2017-1000208 involves Swagger-Parser 1.0.30 and earlier with YAML parsing that enables arbitrary code execution when processing crafted OpenAPI specs. It impacts Swagger Codegen commands generate/validate (

CVSS 8.8, AI score 8.9, EPSS 0.01705
Exploits 0, References 2, Affected Software 2
Cvelist
added 2017/11/17 2:00 a.m., 42 views

CVE-2017-1000208

A vulnerability in Swagger-Parser's version <= 1.0.30 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen <= 2.2.2 and can lead to...

AI score 8.9, EPSS 0.01705
Exploits 0, References 2
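One block for the swagger-parser entries above (CVE-2017-1000207 and CVE-2017-1000208 as carried by the GitHub advisory, Prion, NVD, OSV, CVE and Cvelist), as an added example and not swagger-parser code: the Java bug was a YAML loader that instantiates whatever type a tag in the document names. This Python analogue, which assumes PyYAML is installed, shows the same property in PyYAML's `UnsafeLoader` and the fix in `safe_load`, which corresponds to giving a Java parser a safe constructor. Both documents are constructed; the hostile one calls `len`, not a shell, so it is harmless to run.

```python
import yaml

BENIGN_SPEC = """\
openapi: 3.0.0
info:
  title: Pet store
  version: "1.0"
paths: {}
"""

# Constructed: valid YAML, but the title node carries a tag that asks the
# loader to call a Python callable with the sequence as its arguments.
# `builtins.len` stands in for what an attacker would name (os.system).
HOSTILE_SPEC = """\
openapi: 3.0.0
info:
  title: !!python/object/apply:builtins.len [[1, 2, 3]]
  version: "1.0"
paths: {}
"""


def load_spec_unsafe(text: str) -> dict:
    # Full-featured loader: honours !!python/* tags, so parsing is execution.
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def load_spec_safe(text: str) -> dict:
    # Core-schema loader: only str/int/float/bool/null/seq/map are
    # constructed; any other tag raises instead of building an object.
    return yaml.safe_load(text)


def safe_rejects(text: str) -> bool:
    try:
        load_spec_safe(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


if __name__ == "__main__":
    print(load_spec_unsafe(HOSTILE_SPEC)["info"]["title"])  # 3: len() was called during parsing
    print(safe_rejects(HOSTILE_SPEC))                        # True
    print(load_spec_safe(BENIGN_SPEC)["info"]["title"])      # Pet store
```

An OpenAPI document never legitimately needs language-specific tags, so a spec parser has no reason to use anything but the safe loader; the `validate` and `generate` commands the advisories mention are exactly the code paths that take a spec from an untrusted source.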
Packet Storm
added 2016/06/28 12:00 a.m., 65 views

JSON Swagger CodeGen Parameter Injector

This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Gems: require 'base64'. Project: require 'msf/core'. class MetasploitModule ... 'JSON Swagger CodeGen Parameter Injector', 'Description' => %q This module generates an Open API...

AI score 0.4
Exploits 3