
4943 matches found

Check Point Advisories
added 2014/05/25 12:00 a.m., 6 views

ElasticSearch search Remote Code Execution (CVE-2014-3120)

A remote command execution vulnerability has been found in ElasticSearch. The vulnerability is due to the search function in the REST API, which does not require authentication and allows dynamic script execution. A remote attacker can exploit this weakness to execute arbitrary code via a special...

CVSS 6.8, AI score 4.7, EPSS 0.88559
Exploits: 17
seebug.org
added 2014/05/19 12:00 a.m., 46 views

ElasticSearch < 1.2.0 code execution vulnerability

Elasticsearch is a popular open-source search and analytics engine. This is a remote command execution exploit for Elasticsearch that abuses the default configuration of versions before 1.2.0. The problem lies in the REST API: the search function allows dynamic script execution without any authentication, and the same scripting is reachable through other API calls that likewise require no authentication. An attacker can use it to execute arbitrary Java code remotely. Manual test: read /etc/passwd and /etc/hosts on the target machine: curl -XPOST 'http://localhost:9200/search?pretty' -d ' "size": 1,...

AI score 7.1
Exploits: 0
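The two ElasticSearch entries above describe the same defect: the unauthenticated search endpoint of versions before 1.2.0 executes inline scripts carried in the request body (1.2.0 turned dynamic scripting off by default). The block below is an added example, not code from Elasticsearch or from either advisory. It models a request gate placed in front of such an instance: it parses the search body and rejects it if any of the keys under which Elasticsearch 1.x accepted inline scripts (script, script_fields, _script, script_score) is present. The sample bodies and function names are constructed for illustration.

```python
"""Gate Elasticsearch 1.x search bodies that carry inline (dynamic) scripts.

Added example, not Elasticsearch or advisory code. The key names checked are
the ones under which a 1.x search body could carry an inline script; the
sample bodies below are constructed, not taken from the advisories.
"""
import json

# Keys under which a 1.x search body can carry an inline script.
SCRIPT_KEYS = frozenset({"script", "script_fields", "_script", "script_score"})


def find_inline_scripts(node, path="$"):
    """Walk a parsed body and return a path string for every scripting key.

    The walk continues below a matched key so nested scripts are reported too,
    which is useful when the caller wants to log exactly what was attempted.
    """
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key in SCRIPT_KEYS:
                hits.append(here)
            hits.extend(find_inline_scripts(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_inline_scripts(item, f"{path}[{index}]"))
    return hits


def gate_search_request(raw_body):
    """Return (allowed, reasons) for a raw request body string.

    Fails closed: an unparsable body is rejected instead of being handed on for
    Elasticsearch to interpret, and any inline script rejects the request.
    """
    if not raw_body.strip():
        return True, []  # an empty body is a plain match_all search
    try:
        parsed = json.loads(raw_body)
    except ValueError as exc:
        return False, [f"unparsable body: {exc}"]
    hits = find_inline_scripts(parsed)
    return not hits, hits


# Constructed sample bodies (not taken from the advisories).
BENIGN_BODY = json.dumps({"size": 1, "query": {"match_all": {}}})
SCRIPTED_BODY = json.dumps({
    "size": 1,
    "query": {"match_all": {}},
    "script_fields": {"probe": {"script": "1 + 1", "lang": "mvel"}},
})

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("scripted", SCRIPTED_BODY)):
        allowed, reasons = gate_search_request(body)
        print(f"{label}: allowed={allowed} reasons={reasons}")
```

Two caveats for anyone deploying a gate like this: Elasticsearch also accepts the search body in the `source` URL parameter, so the gate has to inspect that as well as the POST body, and a document field that happens to be named `script` will be flagged as a false positive. The gate is a stopgap; the fix is upgrading past 1.2.0 or setting `script.disable_dynamic: true` in elasticsearch.yml on older nodes.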
myhack58
added 2014/05/15 12:00 a.m., 21 views

Open-source bug tracking platform JIRA: directory traversal vulnerability analysis (vulnerability warning)

A recent announcement reports a directory traversal vulnerability in Jira 5.0.11 and 6.0.3 that was verified in the past seven months and fixed in the months after. The attack method is very simple, but the potential impact is very large: the vulnerability could allow an...

AI score 0.5
Exploits: 0
Kitploit
added 2014/05/14 1:15 a.m., 35 views

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. Cuckoo generates a handful of differen...

AI score 7.3
Exploits: 0
Atlassian
added 2014/05/08 7:34 a.m., 69 views

Applink configuration data is exposed anonymously

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-38225. If you make an anonymous GET request to /rest/issueLinkAppLink/1/appLink/info, the instance will tell you all the names, IDs an...

AI score 7.3
Exploits: 0, Affected software: 1
ThreatPost
added 2014/04/23 3:19 p.m., 8 views

New NIST AppVet Aims to Streamline Application Security

Apple and Google put developers' apps through a relatively rigorous screening process before they make their way into their respective app stores. Now developers who produce apps intended for use on internal networks at government agencies can get a vetting process of their own. The National...

AI score 0.1
Exploits: 0, References: 3
NVD
added 2014/04/10 11:55 p.m., 24 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

CVSS 6, AI score 5.9, EPSS 0.01055
Exploits: 1, References: 3
Prion
added 2014/04/10 11:55 p.m., 15 views

Authorization

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

CVSS 6, AI score 6.4, EPSS 0.01055
Exploits: 1, References: 3, Affected software: 1
Cvelist
added 2014/04/10 11:00 p.m., 31 views

CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...

AI score 5.9, EPSS 0.01055
Exploits: 1, References: 3
CVE
added 2014/04/10 11:00 p.m., 57 views

CVE-2014-0908

IBM BPM's User Attribute feature (Standard/Express/Advanced) across 7.5.x, 8.0.x, 8.5.x does not enforce authorization for read/write of attribute values via REST, enabling remote authenticated users to read or modify attributes and affect email notifications or task assignments. Affected version...

CVSS 6, AI score 6.1, EPSS 0.01055
Exploits: 1, References: 3, Affected software: 1
seebug.org
added 2014/04/10 12:00 a.m., 27 views

IBM Business Process Manager authorization bypass vulnerability

Bugtraq ID: 66679. CVE ID: CVE-2014-0908. IBM Business Process Manager is a stateful product that continuously accumulates data. The User Attribute feature in IBM Business Process Manager has no concept of authorization: it lets every user read and update their own attribute values, and lets them read other users' values through the REST API, which can lead to sensitive information disclosure. Affected: IBM Business Process Manager Standard V7.5.x, 8.0.x, 8.5.x; IBM Business Process Manager Express V7.5.x, 8.0.x, 8.5.x...

CVSS 6, AI score 6.6, EPSS 0.01055
Exploits: 1
seebug.org
added 2014/04/03 12:00 a.m., 38 views

oVirt cross-site request forgery vulnerability

CVE ID: CVE-2014-0152. oVirt is a virtualization platform with an easy-to-use web interface. Because the program allows users to perform certain actions through unverified HTTP requests, an attacker can exploit this to have requests sent to the REST API or the GWT RPC servlet when a logged-in user visits a malicious website. Affected: oVirt 3.x. No detailed solution is available at present: http://www.ovirt.org/Home...

CVSS 6.8, AI score 6.6, EPSS 0.01757
Exploits: 1
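The oVirt entry describes the classic CSRF shape: the browser attaches the victim's session cookie to a request the attacker's page triggered, and the server acts on it because the cookie is all it checks. The block below is an added example, not oVirt code. It shows the two checks a REST endpoint or RPC servlet can make before a state-changing request is honoured: a per-session token that must be echoed in a request header (which a cross-site form post cannot set), and an Origin or Referer host that must match the site's own host. The header name, session store and sample requests are constructed for illustration.

```python
"""CSRF guard for state-changing requests to a cookie-authenticated API.

Added example, not oVirt code. TOKEN_HEADER, the in-memory SESSIONS store
and the hostnames used in the usage run are assumptions for illustration.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
TOKEN_HEADER = "X-CSRF-Token"  # assumed header name carrying the session token

# session id -> csrf token; a real deployment keeps this server-side as well
SESSIONS = {}


def new_session():
    """Create a session and its CSRF token; the token is never put in a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid, SESSIONS[sid]


def source_host(headers):
    """Host named by Origin, else by Referer, else None (fail closed later)."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname
    return None


def csrf_check(method, own_host, headers, cookies):
    """Return (ok, reason).

    ok is True only for safe methods or for a request that carries the
    session's token in TOKEN_HEADER and originates from own_host.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    expected = SESSIONS.get(cookies.get("session"))
    if expected is None:
        return False, "no session"
    presented = headers.get(TOKEN_HEADER, "")
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return False, "token missing or wrong"
    origin = source_host(headers)
    if origin != own_host:
        return False, f"cross-site source {origin!r}"
    return True, "token and origin verified"


if __name__ == "__main__":
    sid, token = new_session()
    forged = {"Origin": "http://attacker.example"}          # constructed
    genuine = {"Origin": "https://ovirt.example", TOKEN_HEADER: token}
    print(csrf_check("POST", "ovirt.example", forged, {"session": sid}))
    print(csrf_check("POST", "ovirt.example", genuine, {"session": sid}))
```

The token check is the one that defeats the attack on its own: the attacker's page can make the browser send the cookie, but it cannot read the token out of the victim's page or set the custom header from a plain form submission. The Origin check is defence in depth and fails closed when neither Origin nor Referer is present, which is the right default for an API that is only ever called from its own UI.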
OpenVAS
added 2014/03/17 12:00 a.m., 16 views

Fedora Update for rubygem-rbovirt FEDORA-2014-3526

Check for the version of rubygem-rbovirt. OpenVAS Vulnerability Test: Fedora Update for rubygem-rbovirt FEDORA-2014-3526. Authors: System Generated Check. Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...

CVSS 6.8, AI score 0.1, EPSS 0.01968
Exploits: 0, References: 2
OpenVAS
added 2014/03/17 12:00 a.m., 20 views

Fedora Update for rubygem-rbovirt FEDORA-2014-3573

Check for the version of rubygem-rbovirt. OpenVAS Vulnerability Test: Fedora Update for rubygem-rbovirt FEDORA-2014-3573. Authors: System Generated Check. Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify...

CVSS 6.8, AI score 0.1, EPSS 0.01968
Exploits: 0, References: 2
Fedora
added 2014/03/15 3:23 p.m., 40 views

[SECURITY] Fedora 20 Update: rubygem-rbovirt-0.0.18-4.fc20

A Ruby client for oVirt REST API...

CVSS 6.8, AI score 2, EPSS 0.01968
Exploits: 0
Fedora
added 2014/03/15 3:18 p.m., 18 views

[SECURITY] Fedora 19 Update: rubygem-rbovirt-0.0.18-4.fc19

A Ruby client for oVirt REST API...

CVSS 6.8, AI score 2, EPSS 0.01968
Exploits: 0
Atlassian
added 2014/02/21 9:07 a.m., 21 views

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs you should be able to log in to REST via a URL request using the following scheme: "http://host:8085/rest/api/latest/plan?os_authType=basic&os_username=&os_password=". This worked fine for us...

AI score 0.5
Exploits: 0, Affected software: 1
Atlassian
added 2014/02/21 9:07 a.m., 24 views

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs you should be able to log in to REST via a URL request using the following scheme: "http://host:8085/rest/api/latest/plan?os_authType=basic&os_username=&os_password=". This worked fine for us...

AI score 0.5
Exploits: 0
Metasploit
added 2013/12/26 12:02 p.m., 23 views

IBM Lotus Notes Sametime Room Name Bruteforce

This module bruteforces Sametime meeting room names via the IBM Lotus Notes Sametime web interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime...

CVSS 4.3, AI score 7.1, EPSS 0.09048
Exploits: 2
seebug.org
added 2013/12/16 12:00 a.m., 27 views

OpenStack Heat ReST API validation privilege escalation vulnerability

Bugtraq ID: 64257. CVE ID: CVE-2013-6428. OpenStack Heat is similar to Amazon's CloudFormation: it defines templates, driven by policy, for situations that may arise. OpenStack Heat does not correctly validate the tenant ID passed in the "tenant_id" ReST API parameter, which allows a remote attacker to impersonate other tenants and escalate privileges. Exploitation requires knowing the target tenant's ID. Affected: OpenStack Heat 2013.x. The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's homepage for the latest version: http://www.openstack.org/...

CVSS 4, AI score 6.6, EPSS 0.01744
Exploits: 2
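The IBM BPM entries for CVE-2014-0908 and the Heat entry for CVE-2013-6428 above describe the same shape of defect: an identifier taken from the request (a user ID whose attributes are read or written, a tenant ID in the ReST path) selects the record directly, with no comparison against the identity the authentication layer established for the caller. The block below is an added example, not code from IBM BPM or OpenStack Heat. It shows the unchecked handler beside the fixed one, where every owner ID supplied by the request must equal the caller's own unless the caller holds an administrative role. Principal, AuthzError, ADMIN_ROLE, the stores and the handler names are constructed for illustration.

```python
"""Bind the user or tenant ID in a REST path to the authenticated caller.

Added example, not code from IBM BPM or OpenStack Heat. Principal, AuthzError,
ADMIN_ROLE and the sample stores below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """What the authentication layer established about the caller."""
    user_id: str
    tenant_id: str
    roles: frozenset = field(default_factory=frozenset)


class AuthzError(Exception):
    pass


ADMIN_ROLE = "admin"  # assumed name of the role allowed to act across owners


def authorize_owner(principal, path_user_id=None, path_tenant_id=None):
    """Raise AuthzError unless every ID supplied from the request is the caller's.

    Admins pass; everyone else must match on each ID that was supplied.
    """
    if ADMIN_ROLE in principal.roles:
        return
    if path_user_id is not None and path_user_id != principal.user_id:
        raise AuthzError(f"user {principal.user_id} may not act on user {path_user_id}")
    if path_tenant_id is not None and path_tenant_id != principal.tenant_id:
        raise AuthzError(f"tenant {principal.tenant_id} may not act on tenant {path_tenant_id}")


# Vulnerable shape: the ID from the URL selects the record with no comparison
# to the caller, which is what both advisories describe.
def read_attribute_unchecked(store, path_user_id, name):
    return store[path_user_id][name]


# Fixed shape: the same handlers, with the owner check before any access.
def read_attribute(store, principal, path_user_id, name):
    authorize_owner(principal, path_user_id=path_user_id)
    return store[path_user_id][name]


def write_attribute(store, principal, path_user_id, name, value):
    authorize_owner(principal, path_user_id=path_user_id)
    store[path_user_id][name] = value
    return dict(store[path_user_id])


def list_stacks(stacks, principal, path_tenant_id):
    authorize_owner(principal, path_tenant_id=path_tenant_id)
    return list(stacks.get(path_tenant_id, []))


# Constructed sample data (not from either advisory).
USER_ATTRS = {
    "alice": {"notify_email": "alice@example.com"},
    "bob": {"notify_email": "bob@example.com"},
}
TENANT_STACKS = {"tenant-a": ["web-tier"], "tenant-b": ["db-tier"]}

if __name__ == "__main__":
    alice = Principal("alice", "tenant-a")
    print(read_attribute_unchecked(USER_ATTRS, "bob", "notify_email"))  # leaks
    try:
        read_attribute(USER_ATTRS, alice, "bob", "notify_email")
    except AuthzError as err:
        print("denied:", err)
```

The write path matters as much as the read path: the BPM entry notes that attribute values feed email notifications and task assignments, so an unchecked write lets one user redirect another's notifications or tasks, not merely read them. The check is deliberately placed in one function that both handlers call, so a new endpoint cannot forget it by accident, and the comparison is against the principal the server authenticated, never against anything else in the request.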