4946 matches found

NVD
added 2019/03/21 4:0 p.m. | 12 views

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

9.1 CVSS | 9.2 AI score | 0.22035 EPSS
Exploits: 1 | References: 2

Prion
added 2019/03/21 4:0 p.m. | 12 views

Design/Logic Flaw

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

6.4 CVSS | 9 AI score | 0.22035 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/18 7:58 p.m. | 19 views

CVE-2018-19365

The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request...

9.2 AI score | 0.22035 EPSS
Exploits: 1 | References: 2

CVE
added 2019/03/18 7:58 p.m. | 66 views

CVE-2018-19365

Wowza Streaming Engine 4.7.4.01 REST API is vulnerable to directory-traversal, allowing remote attackers to read arbitrary files via crafted HTTP requests. Root cause: insufficient validation in the REST API path enables traversal of the server’s directory structure. Impact: potential unauthorize...

9.1 CVSS | 9.1 AI score | 0.22035 EPSS
In wild | Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2019/03/18 12:45 p.m. | 104 views

Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8 CVSS | 6 AI score | 0.00386 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2019/03/18 2:49 a.m. | 24 views

CVE-2017-7510

It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...

8.8 CVSS | 2 AI score | 0.01036 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2019/03/14 1:31 p.m. | 97 views

Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8 CVSS | 6 AI score | 0.00386 EPSS
Exploits: 0 | References: 5

NVD
added 2019/03/07 10:29 p.m. | 29 views

CVE-2018-18815

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

10 CVSS | 9.6 AI score | 0.03132 EPSS
Exploits: 0 | References: 5

OSV
added 2019/03/07 10:29 p.m. | 3 views

CVE-2018-18815

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

9.8 CVSS | 5.7 AI score | 0.03132 EPSS
Exploits: 0 | References: 5

Prion
added 2019/03/07 10:29 p.m. | 20 views

Authorization

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

7.5 CVSS | 9.5 AI score | 0.03132 EPSS
Exploits: 0 | References: 5 | Affected Software: 3

Cvelist
added 2019/03/07 10:0 p.m. | 26 views

CVE-2018-18815 TIBCO JasperReports Server User Information Disclosure

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability tha...

10 CVSS | 9.5 AI score | 0.03132 EPSS
Exploits: 0 | References: 5

CVE
added 2019/03/07 10:0 p.m. | 63 views

CVE-2018-18815

CVE-2018-18815 affects the REST API component of TIBCO JasperReports Server and related editions, enabling unauthenticated bypass of authorization for portions of the HTTP interface. Affected releases include JasperReports Server 6.4.0–6.4.3 and 7.1.0, Community Edition up to 7.1.0, ActiveMatrix ...

10 CVSS | 9.6 AI score | 0.03132 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Exploit DB
added 2019/03/04 12:0 a.m. | 78 views

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son Category: WebApps, WordPress Tested...

7.4 AI score
Exploits: 0

exploitpack
added 2019/03/04 12:0 a.m. | 19 views

WordPress Plugin Cerber Security_ Antispam Malware Scan 8.0 - Multiple Bypass Vulnerabilities

WordPress Plugin Cerber Security Antispam Malware Scan 8.0 - Multiple Bypass Vulnerabilities Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link:...

0.2 AI score
Exploits: 0

0day.today
added 2019/03/04 12:0 a.m. | 25 views

WordPress Cerber Security Antispam & Malware Scan 8.0 Plugin - Multiple Bypass Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son...

Exploits: 0

The Hacker News
added 2019/02/13 3:32 p.m. | 182 views

Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "DirtySock" and identified as CVE-2019-7304, the vulnerability wa...

10 CVSS | 1.1 AI score | 0.61075 EPSS
Exploits: 10

The Hacker News
added 2019/02/13 3:32 p.m. | 2 views

Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "DirtySock" and identified as CVE-2019-7304, the vulnerability...

10 CVSS | 6.8 AI score | 0.61075 EPSS
Exploits: 10

ThreatPost
added 2019/02/13 3:20 p.m. | 143 views

Flaw in snapd Allows Root Access to Linux Servers

A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...

10 CVSS | 0.8 AI score | 0.61075 EPSS
Exploits: 10 | References: 6

NVD
added 2019/02/07 9:29 p.m. | 24 views

CVE-2019-1679

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

5 CVSS | 5.3 AI score | 0.02125 EPSS
Exploits: 0 | References: 2

Prion
added 2019/02/07 9:29 p.m. | 20 views

Server-side request forgery (SSRF)

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server VCS Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

4 CVSS | 5.2 AI score | 0.02125 EPSS
Exploits: 0 | References: 2 | Affected Software: 2