4988 matches found
CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API...
CVE-2015-1844
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API...
CVE-2015-1844
CVE-2015-1844 corresponds to a Foreman/Satellite API authorization flaw: remote authenticated users could bypass organization/location restrictions via the REST API. Connected advisories (RHSA-2015:1591/1592) indicate affected Foreman components and that remediation is provided through Red Hat Sa...
WP REST API (WP API) <= 1.2.2 - Cross-Site Scripting (XSS)
Requests from other origins could potentially run code on the API domain, allowing cross-origin access to authentication cookies or similar...
WordPress WP REST API Plugin <= 1.2.2 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
CVE-2015-1906
Cross-site scripting XSS vulnerability in the REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U...
Design/Logic Flaw
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...
CVE-2015-1905
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...
CVE-2015-1906
CVE-2015-1906 is an XSS vulnerability in the IBM Business Process Manager (BPM) REST API. A remote authenticated user can inject script via a crafted URL in BPM versions 7.5.x–8.5.6.0. Exploitation details are not provided beyond the vulnerability description. IBM’s advisory recommends installing...
CVE-2015-1905
CVE-2015-1905 affects IBM Business Process Manager (BPM) REST API in BPM versions 7.5.x–8.5.6.0. The vulnerability arises from insufficient authorization checks, allowing remote authenticated users to bypass intended access restrictions on task-variable value changes via the REST API. The IBM adv...
CVE-2015-1905
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...
Authentication flaw
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing...
CVE-2015-4637
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing...
CVE-2015-4637
CVE-2015-4637 affects F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2, and BIG-IQ ADC 4.5.0 before HF2. When LDAP remote authentication is enabled and the LDAP server allows anonymous BIND, an unauthenticated attacker can obtain an authentication token for arbitrary LDAP user acc...
Design/Logic Flaw
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...
CVE-2015-1961
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...
CVE-2015-1961
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...
devel/ipython -- CSRF possible remote execution vulnerability
Kyle Kelley reports: Summary: POST requests exposed via the IPython REST API are vulnerable to cross-site request forgery CSRF. Web pages on different domains can make non-AJAX POST requests to known IPython URLs, and IPython will honor them. The user's browser will automatically send IPython...
HP WebInspect REST API Unauthorized Access
Binary data hpwebinspectnoauthapi.nbin...
Advanced JQL Search does not Respect User email visibility Hidden
h4. Problem The advanced JQL autocomplete functionality is still showing email addresses, ignoring the User email visibility option. Basic mode does not show emails See screenshots h4. Steps to Reproduce Set User email visibility to Hidden JIRA Administration System General Configuration Edit Use...