72 matches found
CVE-2015-3907
CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...
Design/Logic Flaw
CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...
CVE-2015-3907
CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...
CVE-2015-3907
CodeIgniter Rest Server (codeigniter-restserver) 2.7.1 is affected by an XML External Entity (XXE) vulnerability. The CVE entry CVE-2015-3907 states XXE attacks, and connected advisories corroborate CodeIgniter Rest Server XXE vulnerability. No explicit details on affected product versions beyond...
Universally Unique IDentifier - Moderately critical - Access bypass - SA-CONTRIB-2019-052
This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. The module has a privilege escalation vulnerability when it's used in combination with Services+REST server. This vulnerability is mitigated by the fact that an attacker must...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
Improper Authorization in org.apache.hbase:hbase
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
GHSA-535V-4X9Q-446C Improper Authorization in org.apache.hbase:hbase
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
Apache Hbase Authorization Bypass Vulnerability
Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase versions 2.0.0 through 2.0.4 and...
Privilege Escalation
apache hbase REST server is vulnerable to privilege escalation. Requests sent to the HBase REST server are executed with the permissions of the REST server instead of the end-user. This vulnerability exists when HBase is configured with Kerberos authentication with HBase authorization enabled and...
Authentication flaw
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
CVE-2019-0212
In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...
GHSA-JXM5-5XCW-H57Q exist-db:exist-core XML External Entity (XXE) vulnerability
exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000823
exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
Xxe
exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000823
exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000823
Affected software: exist-db (XML Parser for REST Server)
Universally Unique IDentifier - Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045
This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. The module module has an arbitrary file upload vulnerability when it's used in combination with the services REST server. This vulnerability is mitigated by the fact that an attack...
CVE-2017-16208
dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...