Cross site request forgery (csrf)
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...
CVE-2017-7557
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...
DEBIAN-CVE-2017-7557
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...
CVE-2017-7557
CVE-2017-7557 affects dnsdist 1.1.0, where an authentication flaw in the REST API potentially enables CSRF. Evidence across multiple advisories shows this vulnerability alongside other issues (CVE-2016-7069, CVE-2018-14663) and that fixes exist in later dnsdist releases. Upgrading to at least 1.2...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
Drupal Patches Critical Access Bypass Bug
Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs. The most serious of the vulnerabilities is the access bypass vulnerability CVE-2017-6925 in...
REST API can bypass comment approval.
More info at https://www.drupal.org/SA-CORE-2017-004...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team: CVE-2017-6923: Views - Access Bypass - Moderately Critical CVE-2017-6924: REST API can bypass comment approval - Access Bypass - Moderately Critical CVE-2017-6925: Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical...
CVE-2017-1500
A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...
Moderate: Red Hat Enhancement Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.1.4
An update is now available for Red Hat Virtualization Manager. The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities,...
WordPress Stop User Enumeration 1.3.8 User Enumeration
Details ================ Software: Stop User Enumeration Version: 1.3.8 Homepage: https://wordpress.org/plugins/stop-user-enumeration/ Advisory report: https://security.dxw.com/advisories/stop-user-enumeration-rest-api/ CVE: Awaiting assignment CVSS: 5 Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N Descripti...
WordPress Stop User Enumeration plugin <=1.3.8 - REST API Bypass vulnerability
WordPress Stop User Enumeration plugin version 1.3.8 and earlier versions are vulnerable to the REST API Bypass vulnerability found by DXW. Solution: please update the WordPress Stop User Enumeration plugin to the latest available version, at least version 1.3.9...
CVE-2017-8919
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors...
Stop User Enumeration <= 1.3.8 - REST API Bypass
The Stop User Enumeration WordPress plugin was affected by a REST API Bypass security vulnerability...
REDDOXX Appliance Session Identifier Extraction
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details ======= Product: REDDOXX Appliance Affected...
http-vuln-cve2017-1001000 NSE Script
Attempts to detect a privilege escalation vulnerability in Wordpress 4.7.0 and 4.7.1 that allows unauthenticated users to inject content in posts. The script connects to the Wordpress REST API to obtain the list of published posts and grabs the user id and date from there. Then it attempts to...
Trend Micro Deep Security 6.5 XXE / Code Execution
The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. "The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical,...
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. "The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical,...