4879 matches found
CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
[OWASP Zed Attack Proxy 2.1.0] An easy to use integrated penetration testing tool for finding vulnerabilities in web applications
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...
CVE-2013-0581
Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2)...
Updated puppet packages fix remote code execution vulnerability
When making REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the Ruby process, which allows an...
CouchDB Enum Utility
This module enumerates databases on CouchDB using the REST API without authentication by default. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This...
Puppet REST API Detection
A Puppet REST API web service, used for communication between masters and agents, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(66233); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/24");...
JIRA REST API makes it easy to harvest email addresses
The JIRA REST API makes it easy to harvest email addresses as an anonymous user. 1. Go to https://jira.atlassian.com/browse/JRA-22053 as anonymous. Note that you can't extract email addresses from this page unless the user has used an email address as her username. 2. Now go to...
Information disclosure in REST API
REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access. The former allows enumerating all groups on a JIRA instance by sending multiple queries, as results are limited by jira.ajax.autocomplete.limit. We've verified this on an instance without any...
How to Install, Change, or Remove the Veeam ONE License
Purpose This article documents how to manually install, change, or remove a license for Veeam ONE. Solution Install License 1. Open Veeam ONE Client. 2. Click the Main Menu ≡ in the top-left corner. 3. Click License. 4. In the dialog window that appears, click Install License. 5. Using the file...
Moderate: Red Hat Security Advisory: rhevm security and bug fix update
Updated rhevm packages that fix one security issue and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the...
CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors...
CVE-2009-3354
Technical details for CVE-2009-3354 are not publicly provided in the supplied documents; no affected products, versions, or exploit information are specified. Monitor for updates.