CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-06877)

CA API Developer Portal is a set of applications for software developers to provide API Application Programming Interface query function of the U.S. CA. apiExplorer is one of the API detector. A cross-site scripting vulnerability exists in apiExplorer in CA API Developer Portal, which stems from...

CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Dependency Graph Viewer is used in o...

DEBIAN-CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

Claymore Dual GPU miner buffer overflow vulnerability

Claymore Dual GPU miner is a GPU monitoring software for mining virtual currency computing. A buffer overflow vulnerability exists in the remote management interface's request handler in Claymore Dual GPU miner version 10.1. The vulnerability can be exploited by a remote attacker to execute...

Huawei Mobile GPU Driver Memory Double Release Vulnerability

Huawei Mate 9 and Mate 9 Pro are both smartphone products from the Chinese company Huawei.GPU driver is one of the graphics drivers used in... A double release vulnerability exists in the GPU driver in Huawei Mate 9 versions prior to MHA-AL00B 8.0.0.334C00 and Mate 9 Pro versions prior to LON-AL0...

CODESYS Service Detection (TCP)

TCP based detection of services supporting / using the CODESYS programming interface / runtime. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Circle with Disney Denial of Service Vulnerability (CNVD-2017-33240)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A denial of service vulnerability exists in the API daemon in Circle with Disney version 2.0.1. The vulnerability can be exploited to...

dayrui FineCms Cross-Site Scripting Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the controllers/api.php file in dayrui FineCms 5.0.10 and earlier versions. A...

4: ovirt-engine exposes cloud-init root password via REST API

It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

File upload vulnerability in finecms

FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. File upload vulnerability exists in FineCMS. A file upload vulnerability exists in the newajaxupload function in \dayrui\controllers\member\Api.php, which can be exploited by an attacker to construct da...

WordPress API Data Handling Error Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from an API data handling error vulnerability. An attacker can exploit this vulnerability to execute...

Multiple Denial of Service Vulnerabilities in Linksys Smart Wi-Fi Routers

Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. Multiple denial of service vulnerabilities exist in Linksys Smart Wi-Fi Routers. Allows an unauthenticated attacker to create a denial-of-service DoS condition on the router that will cause the router to stop responding or reboot by sending...

IBM API Connect Command Execution Vulnerability

IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A command execution vulnerability exists in IBM API Connect. An attacker could exploit this vulnerability to execute arbitrary commands on ...

CVE-2016-4950

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions...

CVE-2016-6068

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2016-06424)

Cisco Unified Communications Manager CUCM, Unified CM is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure hole exists in the...

foreman: API and UI actions/URLs not limited to the orgs/locations assigned

It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to...

IBM API Connect and NPM Remote Information Disclosure Vulnerability

IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A security vulnerability exists in IBM API Connect and NPM that allows remote attack attackers to submit special requests to obtain sensiti...