4945 matches found
WordPress REST API Posts Controller Privilege Escalation
A privilege escalation vulnerability exists in WordPress. The vulnerability is due to improper handling of post id's within the REST API posts controller. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a vulnerable WordPress website...
AlienVault OSSIM REST API Service Detection
Binary data ossimrestapidetect.nbin...
Serviio Media Server - checkStreamUrl Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Restlet-Framework/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' =...
Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access
h3. Summary Anonymous API access are allowed on on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...
Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access
h3. Summary Anonymous API access are allowed on on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...
Serviio Media Server checkStreamUrl Command Execution
This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which which does not require authentication. The 'actio...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream you...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Exploit
Serviio PRO DLNA Media Streaming Server versions 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API arbitrary password change vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product we...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Exploit
Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffers from a REST API arbitrary code execution vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Exploit
Serviio PRO 1.8 DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API information disclosure vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1,...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change
!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream you...
Mozilla InvestiGator: MIG
Mozilla InvestiGator Mozilla’s real-time digital forensics and investigation platform MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents...
REST API attachment request still works with wrong/expired cookie
h3. Summary If you perform a REST API attachment request using Cookie Based Authentication with wrong/expired cookie it will still return results with 200 status code. h3. Environment JIRA v1000.892.2 h3. Steps to Reproduce Use Cookie Based Authentication using a wrong/expired cookie Perform a RE...
What's new in RIPS 2.0.0?
The new release RIPS 2.0.0 includes the following major changes: A complete new interface with optimized performance demo.ripstech.com A new extensive REST API for full feature automation api.ripstech.com Team and user privilege management Application-specific analysis profiles More detailed code...