
1506 matches found

BDU FSTEC
added 2016/07/06 12:0 a.m. | 1 view

The vulnerabilities in Acrobat software allow a malicious individual to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability exists in the Acrobat API due to access to unmapped memory. Exploiting this vulnerability allows attackers to execute arbitrary code by using API calls...

CVSS 10 | AI score 6 | EPSS 0.31313
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2016/05/27 12:0 a.m. | 2 views

NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS Arbitrary API Execution Vulnerability

NTT Broadband Platform Japan Connected-free Wi-Fi for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan. It is a set of Android and iOS based applications for NTT Broadband...

CVSS 5.6 | AI score 7.3 | EPSS 0.00436
Exploits 0 | References 1

CNVD
added 2016/05/19 12:0 a.m. | 3 views

Red Hat Satellite SQL Injection Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...

CVSS 8.8 | AI score 7.8 | EPSS 0.00393
Exploits 0 | References 1

CNVD
added 2016/05/13 12:0 a.m. | 1 view

CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability

CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI is a...

CVSS 4.3 | AI score 6.6 | EPSS 0.00069
Exploits 0 | References 1

OSV
added 2016/04/12 5:59 p.m. | 2 views

CVE-2016-3655

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call...

CVSS 9.8 | AI score 6.1 | EPSS 0.01314
Exploits 0 | References 1

CNVD
added 2016/04/06 12:0 a.m. | 1 view

Palo Alto Networks PAN-OS Command Injection Vulnerability (CNVD-2016-02034)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS because the program fails to properly parse the input of an API call. An attacker could exploit this vulnerability to...

CVSS 10 | AI score 7.5 | EPSS 0.01314
Exploits 0 | References 1

RedHat Linux
added 2016/03/08 10:52 p.m. | 3 views

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00297
Exploits 0 | References 4

RedHat Linux
added 2016/03/08 10:52 p.m. | 4 views

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00297
Exploits 0 | References 4

RedHat Linux
added 2016/01/26 7:12 p.m. | 1 view

server: build config to a strategy that isn't allowed by policy

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the buil...

CVSS 10 | AI score 7.4 | EPSS 0.02541
Exploits 0 | References 4

CNVD
added 2016/01/07 12:0 a.m. | 2 views

IBM Maximo Asset Management Information Disclosure Vulnerability

IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. An information disclosure vulnerability exists in IBM Maximo Asset Management. It allows remote authenticated users to access sensitive information via a REST API...

CVSS 4.3 | AI score 6.1 | EPSS 0.00155
Exploits 0 | References 1

Cisco
added 2015/12/10 10:40 p.m. | 24 views

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

CVSS 4 | AI score 6 | EPSS 0.00176
Exploits 0 | References 1

Japan Vulnerability Notes
added 2015/11/17 5:20 a.m. | 0 views

applican vulnerable to script injection

Overview: applican, provided by Newphoria Corporation Inc., is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing URLs. Note that this vulnerability is different from JVN71088919. Kenta Suefusa and Tomonori Shiom...

CVSS 6.8 | AI score 6.9 | EPSS 0.00322
Exploits 0 | References 5

BDU FSTEC
added 2015/11/05 12:0 a.m. | 0 views

Vulnerability of the Java Platform software platform, allowing attackers to modify data

The vulnerability of the Security sub-component in JRockit and Java Platform software platforms is related to errors in the code. Exploiting this vulnerability allows a malicious actor to modify data using specially crafted data for the API function...

CVSS 5 | EPSS 0.03121
Exploits 0 | References 3

CNVD
added 2015/09/23 12:0 a.m. | 2 views

Vulnerability in Newphoria MEGAPHONE MUSIC application

Newphoria MEGAPHONE MUSIC application for Android and iOS is a suite of music player applications based on the Android and iOS platforms from Newphoria Japan. A security vulnerability exists in the Newphoria MEGAPHONE MUSIC application for Android and iOS. The vulnerability can be exploited by an...

CVSS 6.8 | AI score 6.8 | EPSS 0.00396
Exploits 0 | References 1

RedHat Linux
added 2015/09/03 6:48 p.m. | 1 view

OpenShift: Malformed JSON can cause API process crash

It was found that improper error handling in the API server could cause the master process to crash. A user with network access to the master could use this flaw to crash the master process...

CVSS 4 | AI score 5.7 | EPSS 0.00455
Exploits 0 | References 4

RedHat Linux
added 2015/08/12 5:4 a.m. | 3 views

foreman: API not scoping resources to taxonomies

A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...

CVSS 4 | AI score 5.8 | EPSS 0.00261
Exploits 0 | References 4

BDU FSTEC
added 2015/08/07 12:0 a.m. | 0 views

The vulnerability of the Apache HTTP Server web server allows attackers to circumvent existing access restrictions.

The vulnerability of the ap_some_auth_required function in the server/request.c component of the Apache HTTP Server is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions due to the...

CVSS 4.3 | EPSS 0.06367
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2015/07/22 12:0 a.m. | 1 view

The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent access restrictions

The vulnerability of the Adobe Reader DC PDF viewer program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...

CVSS 10 | EPSS 0.00885
Exploits 0 | References 2

BDU FSTEC
added 2015/07/22 12:0 a.m. | 0 views

The vulnerability of Adobe Acrobat’s PDF editing software allows a hacker to circumvent access restrictions.

The vulnerability of the Adobe Acrobat PDF editing program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...

CVSS 10 | EPSS 0.00885
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2015/05/26 12:0 a.m. | 2 views

Cisco Access Control Server Remote Denial of Service Vulnerability

The Cisco Secure Access Control System is an access policy control platform. A remote denial of service vulnerability exists in the REST API in Cisco Access Control Server (ACS) version 5.5(0.46.2), which can be exploited by a remote attacker to cause a denial of service by sending numerous request...

CVSS 5 | AI score 6.8 | EPSS 0.00474
Exploits 0 | References 1