Lucene search
K

491 matches found

Filippo.io
Filippo.io
added 2016/07/03 10:29 a.m.23 views

Analyzing Go Vendoring with BigQuery

GitHub published a snapshot of all the public open-source repositories to BigQuery and Francesc used it to draw some cool statistics about Go projects. I used the same dataset to analyze how the Go ecosystem does vendoring. Disclosure: there's some ego stroking here, as I'm the author of gvt. Try...

6.8AI score
Exploits0
CNVD
CNVD
added 2016/06/30 12:0 a.m.18 views

Swagger Remote Code Execution Vulnerability

Swagger is a specification and complete framework for generating, describing, invoking and visualizing RESTful style web services. A remote code execution vulnerability exists in Swagger, where parameters of Swagger JSON, YAML files are injected, allowing an attacker to exploit the vulnerability ...

8.5AI score
Exploits3References1
myhack58
myhack58
added 2016/06/28 12:0 a.m.115 views

Swagger exposed a remote code execution vulnerability affects Java, PHP, NodeJS and many other development languages-vulnerability warning-the black bar safety net

Vulnerability description The Swagger specification is widely used in Html, PHP, Java and Ruby and other popular languages to develop applications, which has recently been exposed a remote code execution vulnerability, the potential impact on Java, PHP, NodeJS and Ruby and other popular languages...

8.6AI score
Exploits3
CNVD
CNVD
added 2016/06/28 12:0 a.m.6 views

IBM WebSphere Application Server Privilege Acquisition Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. Liberty Profile is a dynamic server profile for WAS. A privilege acquisition vulnerability exists in IBM WAS Liberty Profile version 8.5.5, which can be exploited to gain user...

7.5CVSS9.5AI score0.0185EPSS
Exploits0References1
seebug.org
seebug.org
added 2016/06/27 12:0 a.m.337 views

Swagger 通过参数注入远程代码执行漏洞

详情来源: R7-2016-06 This disclosure will address a class of vulnerabilities in a Swagger Code Generator in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS, PHP, Ruby, and Java and probably other languages as well. Othe...

8.3AI score
Exploits3
Metasploit
Metasploit
added 2016/06/23 1:9 p.m.119 views

JSON Swagger CodeGen Parameter Injector

This module generates an Open API Specification 2.0 Swagger compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable...

7.2AI score
Exploits3
ThreatPost
ThreatPost
added 2016/06/23 9:43 a.m.89 views

Swagger Vulnerability Leads to Arbitrary Code Injection

An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...

1.3AI score
Exploits3References3
Hacker One
Hacker One
added 2016/06/01 9:47 p.m.67 views

Urban Dictionary: Infinite Upvoting/Downvoting: Lockout Bypass, Plus: Exposed API Documentation

By sending an extra parameter kind=1 in the upvote/downvote API request, a user can vote as many times as he wants without any IP address restriction: http://api.urbandictionary.com/v0/vote?kind=1&direction=up&defid=94413 Seems harmless enough, but your site does depend on the accuracy of the...

0.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/05/23 10:0 a.m.12 views

book-monkey2-api.angular2buch.de XSS vulnerability

Vulnerable URL: http://book-monkey2-api.angular2buch.de/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/05/23 8:56 a.m.13 views

kubernetes.io XSS vulnerability

Vulnerable URL: http://kubernetes.io/kubernetes/thirdparty/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| No Latest check for...

6.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/05/03 12:0 a.m.39 views

Swagger Editor 2.9.9 Cross Site Scripting

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Swagger Editor Vendor URL: https://github.com/swagger-api/swagger-editor Type: Cross-Site Scripting CWE-79 Date found:...

Exploits0
Rows per page
Query Builder