4945 matches found
CVE-2017-12229
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for th...
Authentication flaw
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for th...
CVE-2017-12229
The CVE describes an authentication bypass in the REST API of Cisco IOS XE Web UI (versions 3.1–16.5) caused by insufficient input validation. An unauthenticated, remote attacker could bypass REST API authentication and access the web UI if the device has HTTP Server enabled. The issue affects Ci...
Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST A...
EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability
According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is 6.3.x prior to 6.3 patch 67 or 6.4.x prior to 6.4 patch 130. It is, therefore, affected by a default credential vulnerability due to hardcoded passwords with the Apollo System Test,...
UBUNTU-CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3...
CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3...
PYSEC-2017-47
Cross-site request forgery in the REST API in IPython 2 and 3...
Cross site request forgery (csrf)
Cross-site request forgery in the REST API in IPython 2 and 3...
DEBIAN-CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3...
Dynamic Application Security Test Orchestration: Webbreaker
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
WordPress REST API Plugin Information Disclosure (CVE-2017-5487)
An information disclosure vulnerability exists in WordPress REST API Plugin. Successful exploitation could result in the disclosure of sensitive user information...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC: Attacker puts something like this int...
Caldera Forms <= 1.5.4 - Authenticated Cross-Site Scripting (XSS)
Version 1.5.4 and earlier of Caldera Forms is vulnerable to a reflected cross-site scripting vulnerability in the "edit" parameter, which is not properly escaped before being printed in an HTML attribute. An attacker can use this to craft URLs that, when clicked, result in malicious JavaScript...
Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...
CVE-2017-7557
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...