FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream line of sensors provides highly...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842, Api: 1.0.0, Node: 0.10.33, Onvif: 0.1.1.47 Tested on: Tita...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
Authorization
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
CVE-2018-0460
CVE-2018-0460 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) REST API. The vulnerability arises from insufficient authorization and parameter validation, enabling an authenticated, remote attacker to read arbitrary files on an affected system. Exploitation requires the attacker to u...
CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API
Username Disclosure via REST API issue found by Janek Vind in WordPress Breadcrumb NavXT plugin versions <= 6.1.0. Solution: Update the WordPress Breadcrumb NavXT plugin to the latest available version, at least 6.2.0...
Gurp - Golang command-line interface to Burp Suite's REST API
Requirements BurpSuite Professional v2.0.0beta or greater from PortSwigger Dependencies go get -u -v github.com/fatih/color go get -u -v github.com/integrii/flaggy go get -u -v github.com/tidwall/gjson go get -u -v github.com/grokify/html-strip-tags-go Binaries Latest version available here...
Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API
The Breadcrumb NavXT WordPress plugin was affected by a Username Disclosure via REST API security vulnerability. PoC http://www.example.com/wp-json/bcn/v1/author/1...
Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API
The Breadcrumb NavXT WordPress plugin was affected by a Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...
WordPress Breadcrumb NavXT 6.1.0 Username Disclosure
Exploit for php platform in category web applications Username Disclosure in Breadcrumb NavXT Wordpress plugin ============================================================ Author: Janek Vind "waraxe" Date: 26. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-108.html...
WordPress Breadcrumb NavXT 6.1.0 Username Disclosure
waraxe-2018-SA108 - Username Disclosure in Breadcrumb NavXT Wordpress plugin ================================================================================ Author: Janek Vind "waraxe" Date: 26. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-108.html Target descriptio...
Burpcommander - Ruby Command-Line Interface To Burp Suite's REST API
Ruby command-line interface to Burp Suite's REST API Usage burpcommander VERSION: 1.0.1 - UPDATED: 08/29/2018 -t, --target IP Address Defaults to 127.0.0.1 -p, --port Port Number Defaults to 1337 -k, --key API Key If you require an API key specify it here -i, --issue-type-id String String to sear...
Pimcore Gather Credentials via SQL Injection
This module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcore's REST API. Pimcore begins to create password hashes by concatenating a user's username, the name of the application, and the user's password in t...
oBike Electronic Lock Bypass
CVE-2018-16242 - oBike Electronic Lock Bypass Product: oBike bicycle-sharing service Vendor: oBike Inc. CVE ID: CVE-2018-16242 Subject: Access control bypass by replay attack on predictable nonce Effect: Unauthorized unlocking of bikes, circumventing the ride-fees Author: Antoine Neuenschwander...
Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...
Couchbase Server Remote Code Execution
Hey, Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary Erlang code to 'diag/eval' endpoint of the API. The code will be subsequently executed in the underlying operating system with privileges of t...
Couchbase Server Remote Code Execution Vulnerability
Couchbase Server allows for authenticated users to send arbitrary erlang code to diag/eval. Couchbase Server Remote Code Execution Vulnerability Description: Couchbase Server 1 exposes REST API 2 which by default is available on TCP/8091 and/or TCP/18091. Authenticated users can send arbitrary...