CVE-2018-7058

Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest...

Dataiku DSS Information Disclosure Vulnerability

Dataiku DSS is a data processing collaboration platform. the REST API is one of the APIs that supports lightweight REST style web scripts. A security vulnerability exists in the REST API in Dataiku DSS versions prior to 4.2.3. A remote attacker could exploit the vulnerability to obtain sensitive...

The vulnerability of the Qualcomm Qurt API component of the Android operating system allows a hacker to trigger buffer overflows.

The vulnerability of the Qualcomm Qurt API in the Android operating system is caused by a numerical overflow. Exploiting this vulnerability can allow a malicious actor to trigger a buffer overflow...

CVE-2018-7248

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it...

IBM API Connect Information Disclosure Vulnerability (CNVD-2018-09244)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect. An attacker can exploit the vulnerability to gai...

Paessler PRTG Network Monitor Denial of Service Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler AG, Germany. A security vulnerability exists in Paessler PRTG Network Monitor prior to version 18.1.39.1648, which can be exploited to cause a denial of service due to a failure of the progra...

CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-06877)

CA API Developer Portal is a set of applications for software developers to provide API Application Programming Interface query function of the U.S. CA. apiExplorer is one of the API detector. A cross-site scripting vulnerability exists in apiExplorer in CA API Developer Portal, which stems from...

CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Dependency Graph Viewer is used in o...

DEBIAN-CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly...

The vulnerability of the api.php script of the software framework for implementing the MediaWiki hypertext environment allows a hacker to execute arbitrary code.

The vulnerability of the api.php script of the software framework for implementing the MediaWiki hypertext environment exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially prepar...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

Claymore Dual GPU miner buffer overflow vulnerability

Claymore Dual GPU miner is a GPU monitoring software for mining virtual currency computing. A buffer overflow vulnerability exists in the remote management interface's request handler in Claymore Dual GPU miner version 10.1. The vulnerability can be exploited by a remote attacker to execute...

Huawei Mobile GPU Driver Memory Double Release Vulnerability

Huawei Mate 9 and Mate 9 Pro are both smartphone products from the Chinese company Huawei.GPU driver is one of the graphics drivers used in... A double release vulnerability exists in the GPU driver in Huawei Mate 9 versions prior to MHA-AL00B 8.0.0.334C00 and Mate 9 Pro versions prior to LON-AL0...

CODESYS Service Detection (TCP)

TCP based detection of services supporting / using the CODESYS programming interface / runtime. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Circle with Disney Denial of Service Vulnerability (CNVD-2017-33240)

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A denial of service vulnerability exists in the API daemon in Circle with Disney version 2.0.1. The vulnerability can be exploited to...

The vulnerability of the REST API interface of the Cisco IOS XE operating system allows a perpetrator to bypass authentication procedures and gain access to the web interface.

The vulnerability of the REST API interface of the Cisco IOS XE operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures and gain access to the web interface by sending a specially crafted API...

dayrui FineCms Cross-Site Scripting Vulnerability

dayrui FineCms is China Tianrui dayrui program design team released a set of content management system CMS using MVC architecture and PDO database interface development. A cross-site scripting vulnerability exists in the controllers/api.php file in dayrui FineCms 5.0.10 and earlier versions. A...

4: ovirt-engine exposes cloud-init root password via REST API

It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...

CVE-2017-1322

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...

File upload vulnerability in finecms

FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. File upload vulnerability exists in FineCMS. A file upload vulnerability exists in the newajaxupload function in \dayrui\controllers\member\Api.php, which can be exploited by an attacker to construct da...