4943 matches found
CVE-2014-0153
CVE-2014-0153 affects oVirt REST API prior to the 3.4.1/3.4.x updates, where session IDs are stored in HTML5 local storage. The underlying risk is that an attacker could read a user’s session ID from local storage via a crafted web page, leading to potential confidentiality impact. Affected softw...
CVE-2014-0153
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page...
PT-2014-3505 · Ovirt · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.4.0 and earlier Description: The issue concerns the REST API in oVirt, where session IDs are stored in HTML5 local storage. This allows remote attackers to obtain sensitive information via a crafted web page. Recommendations:...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager 3.4.2 update
Red Hat Enterprise Virtualization Manager 3.4.2 is now available. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE link in the References...
REST API allows to get worklog from issue without access rights to that issue
On JIRA OnDemand v6.3-OD-08-005-WN also here! it's possible to get worklog by it's ID even if this worklog does not belong to issue passed in API url. Example: On our OnDemand instance I have access rights to . When I add worklog to this issue via REST API, I get its id . Now, when I call GET...
REST API allows to get worklog from issue without access rights to that issue
On JIRA OnDemand v6.3-OD-08-005-WN also here! it's possible to get worklog by it's ID even if this worklog does not belong to issue passed in API url. Example: On our OnDemand instance I have access rights to . When I add worklog to this issue via REST API, I get its id . Now, when I call GET...
REST API allows to get worklog from issue without access rights to that issue
On JIRA OnDemand v6.3-OD-08-005-WN also here! it's possible to get worklog by it's ID even if this worklog does not belong to issue passed in API url. Example: On our OnDemand instance I have access rights to . When I add worklog to this issue via REST API, I get its id . Now, when I call GET...
Information disclosure in the REST API
Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of a specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...
Information disclosure in the REST API
Jira reports the 404 not-found earlier than the 401 not-authorized. This discloses the non-existence of a specific issue numbers to unauthorized users. While this isn't a huge leak, this could come in useful with social engineering. Proof of concept: Both of the calls below are unauthenticated, a...
CVE-2014-3485
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization rhevm 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity XXE issue...
CVE-2014-3485
The CVE-2014-3485 issue affects oVirt’s ovirt-engine REST API (RHEV/RHEVM 3.4). Affected component: REST API handling within the ovirt-engine/JBoss server. Root cause: XML External Entity (XXE) processing flaw in XML API calls. Impact: remote authenticated users could read arbitrary files accessi...
CVE-2014-3485
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization rhevm 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity XXE issue...
ElasticSearch Dynamic Script Arbitrary Java Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
Moderate: Red Hat Security Advisory: rhevm security update
Updated rhevm packages that fix one security issue are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the CVE link in the...
WordPress WP REST API Plugin <= 1.1 - JSONP SOP Bypass
Because of this vulnerability, it is possible to serve up arbitrary Flash SWF files from the API. These Flash files bypass browser cross-origin domain policies. Solution Upgrade the plugin...
JSON REST API 1.1 - JSONP SOP Bypass
The json-rest-api WordPress plugin was affected by a JSONP SOP Bypass security vulnerability...
statTypes REST API exposes all statistics field names anonymously
On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...
ElasticSearch Dynamic Script Arbitrary Java Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' = %q This module exploits a remote command execution...
ElasticSearch Dynamic Script - Arbitrary Java Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' = %q This module exploits a remote command execution...
ElasticSearch Indices Enumeration Utility
This module enumerates ElasticSearch Indices. It uses the REST API in order to make it...