
4947 matches found

Kitploit
added 2019/08/10 10:35 p.m. | 121 views

Osmedeus v1.5 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. Installation: git clone https://github.com/j3ssie/Osmedeus; cd Osmedeus; ./install.sh. This install focuses only on Kali Linux; check the Wiki page for more install options. How to use I...

7.5 AI score
Exploits 0 | References 11
OpenVAS
added 2019/08/09 12:0 a.m. | 87 views

TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities

TeamPass is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS | 6.2 AI score | 0.0722 EPSS
Exploits 9 | References 9
RedHat Linux
added 2019/08/06 1:8 p.m. | 34 views

Moderate: Red Hat Security Advisory: spice-gtk security and bug fix update

An update for spice-gtk, libgovirt, spice-vdagent, and virt-viewer is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

8.8 CVSS | 7.2 AI score | 0.02363 EPSS
Exploits 0 | References 14
NVD
added 2019/08/02 10:15 p.m. | 20 views

CVE-2019-7950

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

7.5 CVSS | 7.4 AI score | 0.02161 EPSS
Exploits 0 | References 1
OSV
added 2019/08/02 10:15 p.m. | 14 views

CVE-2019-7950

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

7.5 CVSS | 6.8 AI score
Exploits 0 | References 1
Prion
added 2019/08/02 10:15 p.m. | 13 views

Improper access control

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

5 CVSS | 7.4 AI score | 0.02161 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2019/08/02 9:35 p.m. | 105 views

CVE-2019-7950

CVE-2019-7950 affects Magento 2.x before specific patch levels: 2.1 < 2.1.18, 2.2 < 2.2.9, and 2.3

7.5 CVSS | 7.4 AI score | 0.02161 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2019/07/26 4:15 a.m. | 22 views

Design/Logic Flaw

Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks, i.e., SSRF...

7.5 CVSS | 9.5 AI score | 0.07327 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2019/07/26 3:33 a.m. | 11 views

CVE-2019-14277

Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks, i.e., SSRF...

9.7 AI score | 0.07327 EPSS
Exploits 1 | References 5
CVE
added 2019/07/26 3:33 a.m. | 305 views

CVE-2019-14277

CVE-2019-14277 affects Axway SecureTransport 5.x (through 5.3; and 5.x through 5.5 with certain API configuration). The issue is unauthenticated blind XML injection (and XXE) in the REST API resetPassword function, with potential for local file disclosure, DoS, or URI invocation attacks (SSRF) th...

9.8 CVSS | 9.4 AI score | 0.07327 EPSS
Exploits 1 | References 5 | Affected Software 1
Packet Storm
added 2019/07/23 12:0 a.m. | 426 views

Axway SecureTransport 5 XML Injection

https://zero.lol zero days 4 days ATTENTION: this is a friendly neighborhood zeroday drop Title: Axway SecureTransport 5 Unauthenticated XML Injection / XXE Google Dork: intitle:"Axway SecureTransport" "Login" Date: July 20th 2019 Author:...

7.4 AI score
Exploits 0
0day.today
added 2019/07/22 12:0 a.m. | 57 views

Axway SecureTransport 5 - Unauthenticated XML Injection Vulnerability

Exploit for linux platform in category web applications Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...

7.1 AI score
Exploits 0
NVD
added 2019/07/17 9:15 p.m. | 8 views

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

10 CVSS | 9.7 AI score | 0.0534 EPSS
Exploits 0 | References 2
Prion
added 2019/07/17 9:15 p.m. | 11 views

Authentication flaw

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

10 CVSS | 9.7 AI score | 0.0534 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/07/17 8:15 p.m. | 44 views

CVE-2019-1917

Cisco Vision Dynamic Signage Director contains a REST API authentication bypass. A remote, unauthenticated attacker can craft HTTP requests to the REST API, due to insufficient validation, to bypass authentication and perform arbitrary actions with administrative privileges. The REST API is enabl...

10 CVSS | 9.7 AI score | 0.0534 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/07/17 8:15 p.m. | 11 views

CVE-2019-1917 Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

9.1 CVSS | 9.8 AI score | 0.0534 EPSS
Exploits 0 | References 2
Vulnrichment
added 2019/07/17 8:15 p.m. | 8 views

CVE-2019-1917 Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

9.1 CVSS | 8.2 AI score | 0.0534 EPSS
Exploits 0 | References 2
Cisco
added 2019/07/17 4:0 p.m. | 126 views

Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

9.1 CVSS | 1.9 AI score | 0.0534 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2019/07/12 12:0 a.m. | 36 views

Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

According to its self-reported version, Cisco Application Policy Infrastructure Controller (APIC) is affected by a privilege escalation vulnerability in the REST API. An authenticated, remote attacker could exploit this, via a malicious software upload using the REST API, to gain root access to the...

9 CVSS | 7.3 AI score | 0.02764 EPSS
Exploits 0 | References 3
OSV
added 2019/07/04 8:15 p.m. | 2 views

CVE-2019-1889

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checki...

7.2 CVSS | 7.1 AI score
Exploits 0 | References 1