Cross site request forgery (csrf)

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

CVE-2018-10732

Dataiku DSS REST API (affected product: Dataiku DSS) prior to version 4.2.3 is affected. The vulnerability arises from profile pictures visibility in the REST API, enabling remote attackers to determine whether a username is valid (information disclosure). The root cause is insufficient access co...

CVE-2018-10732

The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...

Any user able to manage space watcher using REST API

h3. Summary Any Confluence user is able to manage Space Watcher by using REST API h3. Steps to Reproduce Create a user that belongs to the "confluence-users" group example: user1 Using an Adminstrator user, create a new space and restrict the space to the administrator user As the normal user...

Burpa - A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration. Requirements burp-rest-api Burp Suite Professional slackclient Usage $ python burpa.py -h / / / / / / / / / / / // / // / / / // / // / /./,// / ./,/ // burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...

Archerysec - Open Source Vulnerability Assessment And Management Helps Developers And Pentesters To Perform Scans And Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynami...

WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation

The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user- supplied input to the 'id' parameter when editing or deleting blog posts. An...

LocalTapiola: Wordpress Users Disclosure (/wp-json/wp/v2/users/)

Information Using REST API, we can see all the WordPress users/author with some of their information. Step TO Reproduce You can get user info by entering below url in your browser: https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/users/ Result javascript "id": 1, "name": "LTR", "url": "",...

Imperva Python SDK – We’re All Consenting SecOps Here

Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

Input validation

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

The CVE-2018-0245 issue affects Cisco 5500 and 8500 Series Wireless LAN Controllers, where the REST API supports requests that may expose sensitive system information. Root cause: incomplete input validation in REST URL handling, enabling an unauthenticated, remote attacker to view system informa...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

WSSAT v2.0 - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

Qualys WAS Introduces Swagger Support for REST API Security Testing

In the world of application security, testing REST APIs for security flaws is important because APIs can have many of the same application-layer vulnerabilities as browser-based web applications. Examples are SQL injection, command injection, and remote code execution. With the recent release of...

CVE-2018-1291

CVE-2018-1291 affects Apache Fineract releases 1.0.0, 0.6.0-incubating, 0.5.0-incubating, and 0.4.0-incubating. The flaw arises in REST endpoints that expose domain-specific queries using an orderBy parameter whose value is appended directly into SQL statements, enabling an attacker to craft the ...