Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows host is affect...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure
Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows/Linux host is...
REST API - Improved HTTP Authentication
Suggestion Description: Confluence Server REST API (https://developer.atlassian.com/confdev/confluence-server-rest-api) is a simple resource that helps administrators to perform operations that would take some time of their day-to-day activities in a couple of seconds, instead of a couple of minutes. I...
CVE-2017-14949
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities not parameter external entities are properly considered. This is related to XmlRepresentation, DOMRepresentatio...
UBUNTU-CVE-2017-14868
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
CVE-2017-14868
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
Design/Logic Flaw
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities not parameter external entities are properly considered. This is related to XmlRepresentation, DOMRepresentatio...
Design/Logic Flaw
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension...
CVE-2017-1628
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...
Authorization
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...
CVE-2017-1628
Summary (CVE-2017-1628 / IBM BPM 8.6.0.0): IBM Business Process Manager exposes an incorrect authorization check on the Event Manager REST API, allowing authenticated users to stop and resume the Event Manager. The root cause is improper access controls for the stop/resume API. Impact is limited ...
CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API...
CVE-2017-1000226
The CVE-2017-1000226 entry concerns WordPress Stop User Enumeration plugin version 1.3.8. The available connected data indicate a vulnerability that allows user enumeration via the REST API. The issue is described consistently across sources as stemming from the REST interface exposing username i...
PT-2017-10922
Name of the Vulnerable Software and Affected Versions: Stop User Enumeration version 1.3.8. Description: The issue allows user enumeration via the REST API. Recommendations: For version 1.3.8, consider disabling the REST API until a patch is available to prevent user enumeration...