4943 matches found

Prion
added 2016/12/19 10:59 p.m., 10 views

Sql injection

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...

CVSS 7.5, AI score 9, EPSS 0.021
Exploits 0, References 3, Affected Software 1

NVD
added 2016/12/19 10:59 p.m., 13 views

CVE-2016-2355

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...

CVSS 9.8, AI score 10, EPSS 0.021
Exploits 0, References 3

OSV
added 2016/12/19 10:59 p.m., 5 views

CVE-2016-2355

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...

CVSS 9.8, AI score 10
Exploits 0, References 3

CVE
added 2016/12/19 10:0 p.m., 40 views

CVE-2016-2355

Summary: CVE-2016-2355 is a SQL injection vulnerability in the dotCMS REST API, specifically in the param stName used with api/content/save/1. Affected software: dotCMS versions before 3.3.2. Vulnerability details: An attacker can inject arbitrary SQL via the stName parameter, potentially comprom...

CVSS 9.8, AI score 10, EPSS 0.021
Exploits 0, References 3, Affected Software 1

Cvelist
added 2016/12/19 10:0 p.m., 20 views

CVE-2016-2355

SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1...

AI score 10, EPSS 0.021
Exploits 0, References 3

n0where
added 2016/12/19 3:48 a.m., 18 views

Python JSON Fuzzer: PyJFuzz

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Dependencies: In order to work, PyJFuzz needs a single dependency, bottle; you can install it from...

AI score 7.5
Exploits 0, References 1

Nmap
added 2016/12/17 2:37 p.m., 221 views

ip-geolocation-map-bing NSE Script

This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and renders a Bing Map of markers representing the targets. The Bing Maps REST API has a limit of 100 markers, so if more coordinates are found, only the top 100 markers by number of IP...

CVSS 10, AI score 9.2, EPSS 0.99448
Exploits 33

Kitploit
added 2016/12/16 2:30 p.m., 121 views

PyJFuzz - Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Version: 1.1.0. Homepage: http://www.mseclab.com/. Github: https://github.com/mseclab/PyJFuzz. Author: Danie...

AI score 7.6
Exploits 0, References 1

Packet Storm
added 2016/12/09 12:0 a.m., 45 views

Splunk Enterprise 6.4.3 Server-Side Request Forgery

Splunk Enterprise Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3 PDF:...

AI score 0.2
Exploits 0

exploitpack
added 2016/12/09 12:0 a.m., 24 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery

Splunk Enterprise 6.4.3 - Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3...

AI score 0.2
Exploits 0

Fortinet
added 2016/12/02 12:0 a.m., 27 views

FortiOS Local Admin Password Hash Leak Vulnerability

A read-only administrator may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them...

CVSS 4, AI score 3.1, EPSS 0.01539
Exploits 0, Affected Software 1

NVD
added 2016/11/19 3:3 a.m., 19 views

CVE-2016-6460

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System...

CVSS 7.5, AI score 7.6, EPSS 0.01553
Exploits 0, References 2

Prion
added 2016/11/19 3:3 a.m., 21 views

Design/Logic Flaw

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System...

CVSS 5, AI score 7.2, EPSS 0.01553
Exploits 0, References 2, Affected Software 1

CVE
added 2016/11/19 2:45 a.m., 44 views

CVE-2016-6460

CVE-2016-6460 describes a vulnerability in the FTP REST API of Cisco Firepower System Software where an unauthenticated attacker can bypass FTP malware detection and download malware over FTP when a file policy blocks FTP malware. Affected releases include 5.4.0.2, 5.4.1.1, 5.4.1.6, 6.0.0, 6.1.0,...

CVSS 7.5, AI score 7.5, EPSS 0.01553
Exploits 0, References 2, Affected Software 1

OpenVAS
added 2016/11/18 12:0 a.m., 135 views

Splunk Enterprise Multiple Vulnerabilities (Nov 2016)

Splunk Enterprise is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk"; if...

CVSS 10, AI score 8.9, EPSS 0.25671
Exploits 7, References 1

Tenable Nessus
added 2016/11/18 12:0 a.m., 6 views

Atlassian Crucible Server 3.9.x < 3.9.2 Multiple Vulnerabilities

Binary data 9781.prm...

AI score 7.3
Exploits 0, References 1

OpenVAS
added 2016/11/16 12:0 a.m., 29 views

VMware vRealize Operations REST API Deserialization Vulnerability (VMSA-2016-0020)

VMware vRealize Operations is prone to a deserialization vulnerability in its REST API implementation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 8.5, AI score 7.9, EPSS 0.02045
Exploits 0, References 1

VMware
added 2016/11/13 12:0 a.m., 74 views

VMSA-2016-0020:vRealize Operations update addresses REST API deserialization vulnerability

VMSA-2016-0020 vRealize Operations update addresses REST API deserialization vulnerability. VMware Security Advisory. Advisory ID: VMSA-2016-0020. Severity: Important. Synopsis: vRealize Operations update addresses REST API...

CVSS 8.5, AI score 8.7, EPSS 0.02045
Exploits 0, References 5, Affected Software 1

seebug.org
added 2016/11/11 12:0 a.m., 109 views

Spring Data JPA Blind SQL Injection Vulnerability

PoC for blind SQL injection bug found in Solita Webhack 2016. Founders: Niklas Särökaari, Joona Immonen Analysis: Arto Santala, Niklas Särökaari, Joona Immonen, Antti Virtanen, Michael Holopainen PoC: Antti Ahola, Antti Virtanen CVE: https://pivotal.io/security/cve-2016-6652 This has been fixed i...

CVSS 6.8, AI score 7.2, EPSS 0.00822
Exploits 1

Tenable Nessus
added 2016/11/04 12:0 a.m., 10 views

Atlassian JIRA 6.4.x < 6.4.9 Multiple Vulnerabilities

Binary data 9735.prm...

AI score 7.3
Exploits 0, References 1