Design/Logic Flaw
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified...
Secure Data Space 3.1.1-2 Cross Site Scripting
secunet Security Networks AG Security Advisory. Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities. 1. DETAILS. Product: SECURE DATA SPACE. Vendor URL: www.ssp-europe.eu. Type: Cross-site...
A Quick Glance at Modern Browsers' Protection, Part #1
tl;dr: in this blog post we take a look at modern browsers' protections, with some hands-on examples available at and deployed on Heroku. This blog post is NOT about the Same-Origin Policy. Introduction: in this blog post we take a look at modern browsers' protections. More...
It is possible to access the list of patches in a review and their content by unprivileged users
We've discovered and fixed a security issue where the attacker could, using the REST API: access the list of patches in a review (their filename, database id, upload date and anchor details) without authentication; access the patch content for any review as long as he had view access to any other...
Cisco Videoscape Distribution Suite Service Manager REST API Information Disclosure Vulnerability
No description provided by source...
CVE-2015-6364
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960...
Design/Logic Flaw
Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960...
CVE-2015-6364
Cisco Videoscape Distribution Suite Service Manager REST API Information Disclosure (CVE-2015-6364) affects Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager. The root cause is improper validation of HTTP requests to the REST API, allowing an unau...
Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability
A vulnerability in the Representational State Transfer (REST) Application Programming Interface (API) that is used by Cisco Videoscape Distribution Suite Service Manager could allow an unauthenticated, remote attacker to cause an affected device to disclose sensitive information. The vulnerability is...
REST API XSS
An unauthenticated XSS vulnerability has been confirmed in Confluence 5.8.15 and 5.8.14. The vulnerability is located at /rest/prototype/1/session/check/something. POC URL: http:///confpath/rest/prototype/1/session/check/something%3Cimg%20src%3da%20onerror%3dalert%280%29%3E This was confirmed in t...
Cross site request forgery (csrf)
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...
CVE-2015-4929
IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request...
OrientDB < 2.0.15 / 2.1.1 XSRF
The version of OrientDB running on the remote host is prior to 2.0.15 or 2.1.1. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability due to the server allowing JSONP callbacks within the REST API. An unauthenticated, remote attacker can exploit this, via a crafted web pag...
Cisco Unified Communications Manager IM and Presence Service REST API Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition because the Cisco Session Initiation Protocol (SIP) proxy...
F5 Networks BIG-IQ REST API Authentication Bypass (SOL16861)
According to its version number, the remote F5 Networks BIG-IQ device is affected by an authentication bypass vulnerability due to a flaw in the REST API. An unauthenticated, remote attacker can exploit this to obtain an authentication token for arbitrary LDAP user accounts when the device is...
CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API...
CVE-2015-1844
CVE-2015-1844 corresponds to a Foreman/Satellite API authorization flaw: remote authenticated users could bypass organization/location restrictions via the REST API. Connected advisories (RHSA-2015:1591/1592) indicate affected Foreman components and that remediation is provided through Red Hat Sa...