1382 matches found
Foreman API and UI Privilege Vulnerability
Foreman is a set of lifecycle management tools for physical and virtual servers. It provides features such as provisioning, configuration management, and status reporting. A privilege-escalation vulnerability exists in the Foreman API and UI. When a restricted user from a specif...
NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS Arbitrary API Execution Vulnerability
NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan. It is a set of Android and iOS based applications for NTT Broadband...
Red Hat Satellite SQL Injection Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...
CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability
CloudBees Jenkins CI, formerly known as Hudson Labs, is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software release and testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI, which is a...
CVE-2016-3655
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call...
Palo Alto Networks PAN-OS Command Injection Vulnerability (CNVD-2016-02034)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS because the program fails to properly parse the input of an API call. An attacker could exploit this vulnerability to...
RabbitMQ: /api/... XSS vulnerability
A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...
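The bug class described above is a request path reflected, unescaped, into a server-generated error page. The following is an added illustration and not RabbitMQ's own code: a toy error-page renderer in its vulnerable and hardened forms, with a constructed request path as input. The decode-then-escape order is deliberate: a server decodes percent-encoding before it uses the path, so escaping must happen after decoding, never before.

```python
import html
from urllib.parse import unquote

# Constructed sample paths for demonstration; not taken from any real report.
RAW_PATH = "/api/<img src=x onerror=alert(1)>"
ENCODED_PATH = "/api/%3Cscript%3Ealert(1)%3C/script%3E"

# Hypothetical error-page template shared by both renderers.
TEMPLATE = (
    "<html><body><h1>500 Internal Server Error</h1>"
    "<p>No handler for {path}</p></body></html>"
)


def error_page_unsafe(request_path: str) -> str:
    """The vulnerable pattern: the decoded request path goes straight into HTML."""
    decoded = unquote(request_path)
    return TEMPLATE.format(path=decoded)


def error_page_safe(request_path: str) -> str:
    """Hardened: decode first, then HTML-escape (including quotes) before interpolating."""
    decoded = unquote(request_path)
    return TEMPLATE.format(path=html.escape(decoded, quote=True))


def reflects_markup(page: str, request_path: str) -> bool:
    """Detection check: does the response contain the decoded path with its markup intact?

    Returns True only when the path actually carries HTML-significant characters
    and they survive unescaped in the page.
    """
    decoded = unquote(request_path)
    has_markup = html.escape(decoded, quote=True) != decoded
    return has_markup and decoded in page


if __name__ == "__main__":
    for path in (RAW_PATH, ENCODED_PATH):
        print("unsafe reflects markup:", reflects_markup(error_page_unsafe(path), path))
        print("safe   reflects markup:", reflects_markup(error_page_safe(path), path))
```

`reflects_markup` is the check a tester would run against a real error response: feed a path containing angle brackets, then confirm the decoded payload is absent from the body or arrives only in its `&lt;`/`&gt;` form.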
server: build config to a strategy that isn't allowed by policy
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the buil...
IBM Maximo Asset Management Information Disclosure Vulnerability
IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. An information disclosure vulnerability exists in IBM Maximo Asset Management. It allows remote authenticated users to access sensitive information via a REST API...
Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...
applican vulnerable to script injection
Overview: applican, provided by Newphoria Corporation Inc., is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing URLs. Note that this vulnerability is different from JVN71088919. Kenta Suefusa and Tomonori Shiom...
Vulnerability in Newphoria MEGAPHONE MUSIC application
Newphoria MEGAPHONE MUSIC application for Android and iOS is a suite of music player applications based on the Android and iOS platforms from Newphoria Japan. A security vulnerability exists in the Newphoria MEGAPHONE MUSIC application for Android and iOS. The vulnerability can be exploited by an...
OpenShift: Malformed JSON can cause API process crash
It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process...
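The failure mode above is an unhandled parse error taking down a long-lived server process, which turns a malformed request into a denial of service for everyone. The following is an added example, not OpenShift's own code, contrasting a request handler that lets the JSON decoder's exception escape with one that treats the body as untrusted input: it caps the body size before parsing, maps decode errors to a 400 response, and validates the decoded shape before touching it. The `serve` wrapper stands in for the process boundary so the crash is observable; the size cap and the `metadata.name` field are assumptions made for the example.

```python
import json

MAX_BODY_BYTES = 1 << 20  # assumed 1 MiB request-body cap for the example

# Constructed request bodies; none are taken from a real report.
VALID_BODY = b'{"kind": "BuildConfig", "metadata": {"name": "demo"}}'
TRUNCATED_BODY = b'{"kind": "BuildConfig", "metadata": {"name": "demo"'
NOT_UTF8_BODY = b'\xff\xfe{"kind": 1}'
WRONG_SHAPE_BODY = b'["not", "an", "object"]'
BAD_METADATA_BODY = b'{"kind": "BuildConfig", "metadata": "oops"}'


def handle_fragile(body: bytes) -> dict:
    """Vulnerable pattern: any parse or shape error propagates out of the handler."""
    obj = json.loads(body)
    return {"status": 200, "name": obj["metadata"]["name"]}


def handle_robust(body: bytes) -> dict:
    """Hardened handler: reject bad input with a 4xx instead of raising."""
    if len(body) > MAX_BODY_BYTES:
        return {"status": 413, "error": "request body too large"}
    try:
        obj = json.loads(body)  # JSONDecodeError and UnicodeDecodeError are ValueErrors
    except ValueError as exc:
        return {"status": 400, "error": "malformed JSON: %s" % exc}
    if not isinstance(obj, dict):
        return {"status": 400, "error": "top-level JSON value must be an object"}
    metadata = obj.get("metadata")
    if not isinstance(metadata, dict) or not isinstance(metadata.get("name"), str):
        return {"status": 400, "error": "metadata.name must be a string"}
    return {"status": 200, "name": metadata["name"]}


def serve(handler, body: bytes):
    """Stand-in for the process boundary: an escaping exception means the server died."""
    try:
        return handler(body)
    except Exception as exc:  # the fragile handler lets these out; a real process would exit
        return {"status": "crashed", "error": "%s: %s" % (type(exc).__name__, exc)}


if __name__ == "__main__":
    for body in (VALID_BODY, TRUNCATED_BODY, NOT_UTF8_BODY, WRONG_SHAPE_BODY, BAD_METADATA_BODY):
        print("fragile:", serve(handle_fragile, body)["status"],
              "robust:", serve(handle_robust, body)["status"])
```

The order of checks matters for an unauthenticated endpoint: the size check runs before any parsing so an oversized body is rejected cheaply, and the shape checks run before any field access so a well-formed but unexpected document cannot raise either.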
foreman: API not scoping resources to taxonomies
A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...
Cisco Access Control Server Remote Denial of Service Vulnerability
Cisco Secure Access Control System (ACS) is an access policy control platform. A remote denial of service vulnerability exists in the REST API of Cisco Access Control Server ACS version 5.5(0.46.2), which a remote attacker can exploit to cause a denial of service by sending numerous request...
Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
Cisco WebEx Meetings Server Authentication Bypass Vulnerability
Cisco WebEx Meetings is a web conferencing solution. An authentication bypass vulnerability in the play/modules component of Cisco WebEx Meetings Server allows remote attackers to gain administrator privileges via a crafted API request...
[SECURITY] Fedora 19 Update: python-2.7.5-15.fc19
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...