42 matches found
Authcov - Web App Authorisation Coverage Scanning
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...
VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API Based on OpenAPI 3 VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...
GHSA-3QRQ-R688-VVH4 Multiple valid tokens for password reset in Shopware
Impact Multiple tokens for password reset could be requested. All tokens could be used to change the password. This makes it possible for an attacker to take over the victims account if s/he gains access to the victims email account and finds unused password reset token in the emails within the...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management Server 11.6
Summary IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984. Vulnerability Details CVEID: CVE-2020-4276 DESCRIPTION: IBM WebSphere Application...
GHSA-M9GV-4523-JFFM Missing permission checks in AWS Credentials Plugin
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
FormaLMS 2.4.4 - Authentication Bypass Exploit
Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136 Info: An...
Kong Gateway 访问控制错误漏洞
Kong Gateway is an API gateway from the Italian company Kong. It provides an inter-network connector. An access control error vulnerability exists in the JWT plugin in Kong Gateway prior to 2.3.0.0, which allows an unauthenticated user to access authenticated routes without a valid token...
Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2020-4362)
Summary There is a privilege escalation vulnerability in WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-4362 DESCRIPTION: IBM WebSphere Application Server traditional is vulnerable to a privilege escalation vulnerability when using token-based...
QRadar Community Edition 7.3.1.6 Path Traversal
------------------------------------------------------------------------ QRadar session manager path traversal vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2019...
IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.17 / 9.0.0.0 <= 9.0.5.3 Privilege Escalation (CVE-2020-4362)
A privilege escalation vulnerability exists in IBM WebSphere Application Server 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.0 through 8.5.5.17, 9.0.0.0 through 9.0.5.3 when using token-based authentication in an admin request over the SOAP connector. An authenticated, remote attacke...
CVE-2020-4362
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...
CVE-2020-4362
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...
Privilege escalation
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...
CVE-2020-4362
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM X-Force ID: 178929...
CVE-2020-4276
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...
CVE-2020-4276
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...
Privilege escalation
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...
CVE-2020-4276
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force ID: 175984...
CVE-2020-4276
CVE-2020-4276 affects IBM WebSphere Application Server traditional (versions 7.0, 8.0, 8.5, 9.0). The vulnerability is a privilege escalation via token-based authentication in an admin request over the SOAP connector. IBM bulletins and related documents (X-Force ID 175984) assign CVSS v3 base sco...
Reddit Breach Stems from SMS Two-Factor Authentication Breakdown
Reddit confirmed Wednesday that a hacker broke into its systems and has accessed user data – including email addresses and passwords for accounts. The company said in a post today that the compromise occurred between June 14 and June 18, and it detected the incident on June 19. “We learned that a...