Lucene search
+L

72 matches found

NVD
NVD
added 2019/07/03 9:15 p.m.15 views

CVE-2015-3907

CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...

9.8CVSS9.5AI score0.01642EPSS
Exploits1References1
Prion
Prion
added 2019/07/03 9:15 p.m.19 views

Design/Logic Flaw

CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...

7.5CVSS7.1AI score0.01642EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/03 8:54 p.m.19 views

CVE-2015-3907

CodeIgniter Rest Server aka codeigniter-restserver 2.7.1 allows XXE attacks...

9.6AI score0.01642EPSS
Exploits1References1
CVE
CVE
added 2019/07/03 8:54 p.m.266 views

CVE-2015-3907

CodeIgniter Rest Server (codeigniter-restserver) 2.7.1 is affected by an XML External Entity (XXE) vulnerability. The CVE entry CVE-2015-3907 states XXE attacks, and connected advisories corroborate CodeIgniter Rest Server XXE vulnerability. No explicit details on affected product versions beyond...

9.8CVSS9.4AI score0.01642EPSS
Exploits1References1Affected Software1
Drupal
Drupal
added 2019/05/29 12:0 a.m.15 views

Universally Unique IDentifier - Moderately critical - Access bypass - SA-CONTRIB-2019-052

This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. The module has a privilege escalation vulnerability when it's used in combination with Services+REST server. This vulnerability is mitigated by the fact that an attacker must...

6.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2019/04/04 3:21 a.m.39 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS4.1AI score0.03853EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/04/02 3:47 p.m.23 views

Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS4AI score0.03853EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2019/04/02 3:47 p.m.26 views

GHSA-535V-4X9Q-446C Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS7.3AI score0.03853EPSS
Exploits0References7
CNVD
CNVD
added 2019/04/01 12:0 a.m.4 views

Apache Hbase Authorization Bypass Vulnerability

Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. The database is suitable for unstructured data storage. A security vulnerability exists in Apache Hbase versions 2.0.0 through 2.0.4 and...

7.5CVSS7.1AI score0.03853EPSS
Exploits0References1
Veracode
Veracode
added 2019/03/29 5:44 a.m.16 views

Privilege Escalation

apache hbase REST server is vulnerable to privilege escalation. Requests sent to the HBase REST server are executed with the permissions of the REST server instead of the end-user. This vulnerability exists when HBase is configured with Kerberos authentication with HBase authorization enabled and...

7.5CVSS7.5AI score0.03853EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2019/03/28 10:29 p.m.18 views

Authentication flaw

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

6CVSS7.4AI score0.03853EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/03/28 10:29 p.m.18 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.5CVSS7AI score
Exploits0References5
Cvelist
Cvelist
added 2019/03/28 9:24 p.m.33 views

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

7.4AI score0.03853EPSS
Exploits0References5
OSV
OSV
added 2018/12/20 10:2 p.m.18 views

GHSA-JXM5-5XCW-H57Q exist-db:exist-core XML External Entity (XXE) vulnerability

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

10CVSS9.4AI score0.01879EPSS
Exploits0References9
NVD
NVD
added 2018/12/20 3:29 p.m.20 views

CVE-2018-1000823

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

10CVSS9.4AI score0.01879EPSS
Exploits0References2
Prion
Prion
added 2018/12/20 3:29 p.m.14 views

Xxe

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

7.5CVSS9.4AI score0.01879EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/12/20 3:29 p.m.14 views

CVE-2018-1000823

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

10CVSS7AI score
Exploits0References2
CVE
CVE
added 2018/12/20 3:0 p.m.62 views

CVE-2018-1000823

Affected software: exist-db (XML Parser for REST Server)

10CVSS9.3AI score0.01879EPSS
Exploits0References2Affected Software1
Drupal
Drupal
added 2018/07/04 12:0 a.m.12 views

Universally Unique IDentifier - Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045

This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. The module module has an arbitrary file upload vulnerability when it's used in combination with the services REST server. This vulnerability is mitigated by the fact that an attack...

6.7AI score
Exploits0References6
NVD
NVD
added 2018/06/07 2:29 a.m.13 views

CVE-2017-16208

dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5CVSS7.5AI score0.02005EPSS
Exploits1References2
Rows per page
Query Builder