Kitploit · added 2018/09/11 9:34 p.m. · 1882 views

MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...

AI score 7.3
Exploits 0 · References 8
CNVD · added 2018/07/31 12:00 a.m. · 3 views

Lenovo xClarity Administrator Information Disclosure Vulnerability (CNVD-2018-14351)

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The solution supports simplified infrastructure management, faster server response, and improved performance of Lenovo server systems. A security vulnerability exists in the Web API in Lenovo LXCA...

CVSS 7.5 · AI score 7.8 · EPSS 0.00141
Exploits 0 · References 1
ATTACKERKB · added 2018/07/30 4:29 p.m. · 3 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

CVSS 8.8 · AI score 5.5 · EPSS 0.00319
Exploits 0 · References 2
Prion · added 2018/07/30 4:29 p.m. · 12 views

Design/Logic Flaw

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

CVSS 4 · AI score 8.5 · EPSS 0.00319
Exploits 0 · References 1 · Affected software 1
Cvelist · added 2018/07/30 3:00 p.m. · 15 views

CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user...

AI score 8.6 · EPSS 0.00319
Exploits 0 · References 1
CVE · added 2018/07/30 3:00 p.m. · 39 views

CVE-2018-9064

CVE-2018-9064 affects Lenovo xClarity Administrator (LXCA) before version 2.1.0. An authenticated LXCA user can abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo’s advisory also notes potential privilege escalation and, in limited cases, privileged command...

CVSS 8.8 · AI score 8.5 · EPSS 0.00319
Exploits 0 · References 1 · Affected software 1
Cvelist · added 2018/07/30 3:00 p.m. · 13 views

CVE-2018-9066

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system...

AI score 8.7 · EPSS 0.00668
Exploits 0 · References 1
Lenovo · added 2018/07/26 4:56 p.m. · 25 views

XClarity Administrator (LXCA) API Vulnerabilities - Lenovo Support US

No description provided...

AI score 7.9
Exploits 0
CNVD · added 2018/07/23 12:00 a.m. · 2 views

RSA Archer REST API Authorization Bypass Vulnerability

RSA Archer is an enterprise IT governance and compliance product. RSA Archer has an authorization bypass vulnerability in the REST API that can be exploited by an attacker to elevate privileges...

CVSS 8.8 · AI score 8.8 · EPSS 0.00497
Exploits 0 · References 1
OSV · added 2018/07/09 9:29 p.m. · 1 views

CVE-2018-13791

The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
ThreatPost · added 2018/06/05 8:38 p.m. · 13 views

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – something that potentially affects the privacy and security of tens of millions of business users and consumers globally. The root of the threat lies in the inconsistencies that are ofte...

AI score 0.2
Exploits 0 · References 1
NVD · added 2018/06/04 4:29 p.m. · 10 views

CVE-2016-10676

rs-brightcove is a wrapper around Brightcove's web API. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...

CVSS 9.3 · AI score 8.3 · EPSS 0.00518
Exploits 0 · References 1
Cvelist · added 2018/06/04 4:00 p.m. · 12 views

CVE-2016-10676

rs-brightcove is a wrapper around Brightcove's web API. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...

AI score 8.3 · EPSS 0.00518
Exploits 0 · References 1
CVE · added 2018/06/04 4:00 p.m. · 39 views

CVE-2016-10676

The CVE refers to rs-brightcove, a wrapper around Brightcove’s web API. The issue is that rs-brightcove downloads resources over HTTP and can be manipulated by an attacker with a privileged network position, potentially replacing a downloaded executable and causing remote code execution on the ho...

CVSS 9.3 · AI score 8.3 · EPSS 0.00518
Exploits 0 · References 1 · Affected software 1
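The three rs-brightcove entries above describe the same failure: a resource is fetched over plain HTTP and then trusted, so anyone on the path can substitute it. The counter-measure is to refuse non-HTTPS sources and to verify a digest pinned at build time before the bytes are used. The following is an added example written for this page, not rs-brightcove's or Brightcove's code; the function names, the UnsafeDownload class, the make_opener stand-in for urlopen and the byte strings are all assumptions constructed so the demo runs offline.

```python
"""Fetching a helper over HTTPS and checking a pinned digest before use.

Added example, not rs-brightcove's or Brightcove's code. Names
(check_source_url, verify_artifact, fetch_verified, make_opener) and
the byte strings are assumptions constructed for the demo; no network
access happens when the fake opener is used.
"""
import hashlib
import hmac
import io
from urllib.parse import urlparse
from urllib.request import urlopen


class UnsafeDownload(Exception):
    """Raised when the source or the content cannot be trusted."""


def check_source_url(url):
    """Refuse plain-HTTP sources: an on-path attacker can rewrite them."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise UnsafeDownload("refusing non-HTTPS source: %s" % url)
    if not parts.netloc:
        raise UnsafeDownload("source URL has no host: %s" % url)
    return url


def verify_artifact(data, expected_sha256):
    """Compare the SHA-256 of `data` with a digest pinned at build time."""
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UnsafeDownload("digest mismatch: got %s" % actual)
    return data


def fetch_verified(url, expected_sha256, opener=urlopen):
    """Download `url` with `opener` and return the bytes only if both the
    transport and the pinned digest check out. Nothing is written to disk
    or executed before verification."""
    check_source_url(url)
    with opener(url) as resp:
        data = resp.read()
    return verify_artifact(data, expected_sha256)


# Constructed sample payloads: what the publisher shipped, and what an
# on-path attacker might substitute for it.
GENUINE_BLOB = b"#!/bin/sh\necho genuine helper\n"
GENUINE_SHA256 = hashlib.sha256(GENUINE_BLOB).hexdigest()
TAMPERED_BLOB = b"#!/bin/sh\necho attacker-controlled helper\n"


def make_opener(payload):
    """Return a stand-in for urlopen that serves `payload` offline."""
    def opener(url):
        return io.BytesIO(payload)
    return opener


if __name__ == "__main__":
    ok = fetch_verified("https://cdn.example.invalid/helper", GENUINE_SHA256,
                        opener=make_opener(GENUINE_BLOB))
    print("accepted %d bytes" % len(ok))
    for url, blob in (("http://cdn.example.invalid/helper", GENUINE_BLOB),
                      ("https://cdn.example.invalid/helper", TAMPERED_BLOB)):
        try:
            fetch_verified(url, GENUINE_SHA256, opener=make_opener(blob))
        except UnsafeDownload as exc:
            print("rejected:", exc)
```

The pinned digest is what makes the check meaningful: HTTPS alone only authenticates the host, so a compromised or mis-served origin would still pass. Pass the real urlopen (the default) in production and the fake opener only in tests.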
RedHat Linux · added 2018/05/14 8:36 p.m. · 1 views

solr: Directory traversal via Index Replication HTTP API

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVSS 7.5 · AI score 5.7 · EPSS 0.11857
Exploits 0 · References 4
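The Solr entry above turns on one missing check: an HTTP API that accepts a file name and joins it onto the index directory without validating it. As an added example (not Apache Solr's code, and written in Python rather than Solr's Java), the block below shows a stand-in replication handler in its unvalidated form next to a hardened resolver that confines the name to the index directory. The helper names (build_fixture, fetch_file_vulnerable, resolve_index_file, fetch_file_hardened) and the on-disk layout are assumptions made for the demo.

```python
"""Confining an attacker-supplied file name to one directory.

Added example, not Apache Solr's code: a Python stand-in for a
"send me this index file" replication handler. The names below
(build_fixture, fetch_file_vulnerable, resolve_index_file,
fetch_file_hardened) and the on-disk layout are assumptions made for
the demo.
"""
import os
import tempfile
from urllib.parse import unquote


def build_fixture():
    """Create a throwaway index directory plus a sibling file that must
    never be served. Constructed sample data, not real Solr index files."""
    root = tempfile.mkdtemp(prefix="replication-demo-")
    index_dir = os.path.join(root, "index")
    os.makedirs(index_dir)
    with open(os.path.join(index_dir, "segments_1"), "wb") as fh:
        fh.write(b"index-segment")
    with open(os.path.join(root, "secret.txt"), "wb") as fh:
        fh.write(b"not for replication")
    try:
        # A link inside the index directory that points outside it.
        os.symlink(os.path.join(root, "secret.txt"),
                   os.path.join(index_dir, "link"))
    except OSError:
        pass  # platforms without symlink support still run the rest
    return index_dir


def fetch_file_vulnerable(index_dir, requested):
    """Unvalidated join: the request parameter decides the final path,
    so "../secret.txt" (or its URL-encoded form) reads outside index_dir."""
    path = os.path.join(index_dir, unquote(requested))
    with open(path, "rb") as fh:
        return fh.read()


def resolve_index_file(index_dir, requested):
    """Return the real path of `requested` inside index_dir, or None.

    Three independent checks, because each one alone has a bypass:
    1. the name must be a bare file name (no separators, not . or ..);
    2. the resolved path must still sit under the resolved index_dir,
       which also catches symlinks that point outside it;
    3. the target must be a regular file.
    """
    name = unquote(requested)
    if not name or name in (".", "..") or os.sep in name:
        return None
    if os.altsep and os.altsep in name:
        return None
    base = os.path.realpath(index_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def fetch_file_hardened(index_dir, requested):
    """Serve only files that resolve_index_file() accepts."""
    path = resolve_index_file(index_dir, requested)
    if path is None:
        raise PermissionError("refusing to serve %r" % requested)
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    d = build_fixture()
    print(fetch_file_vulnerable(d, "..%2Fsecret.txt"))  # leaks secret.txt
    print(resolve_index_file(d, "..%2Fsecret.txt"))     # None
    print(fetch_file_hardened(d, "segments_1"))         # b'index-segment'
```

Decoding the parameter before checking it matters: a server framework that decodes "%2F" after a naive check would still let "..%2Fsecret.txt" through. The realpath comparison is what catches the symlink case, which a pure string filter on ".." never sees.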
Positive Technologies · added 2018/05/14 12:00 a.m. · 4 views

PT-2018-5635 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by injecting OS commands into the remoteNetmask0...

CVSS 9 · AI score 9 · EPSS 0.02645
Exploits 2 · References 2
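The Moxa entry above is a textbook OS command injection: a network setting from a web form ends up inside a shell command line. The block below is an added example, not Moxa's firmware code, that shows the vulnerable concatenation beside a hardened version that validates the netmask and interface name against strict allow-lists and passes them as separate argv entries. To keep it runnable anywhere, `echo` stands in for the real `ifconfig` call, so the commands only print what would have been run; the function and parameter names are assumptions for the demo.

```python
"""Building an OS command from a web parameter: injection and the fix.

Added example, not Moxa's firmware code. `echo` stands in for the real
`ifconfig` invocation so the demo runs without privileges; the injected
marker still shows that the shell executed a second command. Function
and parameter names are assumptions for the demo.
"""
import ipaddress
import re
import subprocess

NETMASK_SHAPE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
IFACE_SHAPE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def apply_netmask_vulnerable(iface, netmask):
    """Concatenate the parameter into a shell string. A value such as
    "255.255.255.0; echo PWNED" runs the extra command with the web
    server's privileges (root on many embedded devices)."""
    cmd = "echo ifconfig %s netmask %s" % (iface, netmask)
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout


def validate_netmask(value):
    """Accept only a dotted quad whose bits are contiguous ones followed
    by zeros (255.255.255.0 yes, 255.0.255.0 no). Raises ValueError."""
    if not NETMASK_SHAPE.fullmatch(value):
        raise ValueError("netmask must be a dotted quad: %r" % value)
    bits = int(ipaddress.IPv4Address(value))  # rejects octets above 255
    inverted = ~bits & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous netmask: %r" % value)
    return value


def apply_netmask_hardened(iface, netmask):
    """Validate both parameters, then pass them as separate argv entries
    so no shell ever parses them."""
    if not IFACE_SHAPE.fullmatch(iface):
        raise ValueError("bad interface name: %r" % iface)
    argv = ["echo", "ifconfig", iface, "netmask", validate_netmask(netmask)]
    return subprocess.run(argv, capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    print(apply_netmask_vulnerable("lan0", "255.255.255.0; echo PWNED"))
    print(apply_netmask_hardened("lan0", "255.255.255.0"))
```

Both halves of the fix are needed: argv-style invocation stops the shell from interpreting metacharacters, and the allow-list stops values that are harmless to a shell but wrong for the program being run (a mask with holes, an interface name with path separators).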
Prion · added 2018/05/03 6:29 p.m. · 18 views

Cross-site request forgery (CSRF)

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows...

CVSS 6.5 · AI score 8.5 · EPSS 0.00588
Exploits 3 · References 2 · Affected software 1
NVD · added 2018/05/03 6:29 p.m. · 13 views

CVE-2018-10168

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows...

CVSS 8.8 · AI score 8.6 · EPSS 0.00588
Exploits 3 · References 2
OSV · added 2018/05/03 6:29 p.m. · 3 views

CVE-2018-10168

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2
CVE · added 2018/05/03 6:00 p.m. · 46 views

CVE-2018-10168

CVE-2018-10168 affects TP-Link EAP Controller and Omada Controller (v2.5.4_Windows and v2.6.0_Windows). Root causes include improper privilege management on the Web API (allowing a low-privilege user to perform admin actions), a hard-coded key used to encrypt the backup file enabling decryption/m...

CVSS 8.8 · AI score 8.5 · EPSS 0.00588
Exploits 3 · References 2 · Affected software 1
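The four CVE-2018-10168 entries above share one root cause: the Web API does not enforce privileges server-side, so a low-privilege user can perform administrator actions. The block below is an added example, not TP-Link's controller code, contrasting a dispatcher that trusts a role named in the request with one that takes the role from the server-side session and requires every route to declare the minimum role it needs. The roles, routes, Session and Api classes are assumptions for the demo; the advisory text does not say how the real controller's check was implemented, so the "role in the request body" flaw is illustrative only.

```python
"""Server-side, deny-by-default authorization for a web API.

Added example, not TP-Link's controller code. Roles, routes and the
Session/Api classes are assumptions for the demo; the real controller's
internals are not known from the advisory text.
"""
from dataclasses import dataclass
from enum import IntEnum


class Role(IntEnum):
    VIEWER = 1
    OPERATOR = 2
    ADMIN = 3


@dataclass(frozen=True)
class Session:
    """What the server knows about the caller after authentication."""
    user: str
    role: Role


class Forbidden(Exception):
    pass


class Api:
    def __init__(self):
        self._routes = {}  # path -> (minimum role, handler)

    def route(self, path, min_role):
        """Register a handler. A route cannot be registered without a
        minimum role, so nothing becomes reachable by accident."""
        def register(handler):
            self._routes[path] = (Role(min_role), handler)
            return handler
        return register

    def dispatch_vulnerable(self, session, path, body):
        """Privilege comes from the request body: any authenticated user
        can claim "admin" and the check passes."""
        min_role, handler = self._routes[path]
        claimed = Role[body.get("role", session.role.name).upper()]
        if claimed < min_role:
            raise Forbidden(path)
        return handler(session, body)

    def dispatch(self, session, path, body):
        """Privilege comes from the session only; the body is just data."""
        min_role, handler = self._routes[path]
        if session.role < min_role:
            raise Forbidden("%s needs %s, caller is %s"
                            % (path, min_role.name, session.role.name))
        return handler(session, body)


def build_demo_api():
    """Two routes over a constructed user table: one readable by any
    authenticated user, one that only an administrator may call."""
    api = Api()
    users = {"alice": Role.ADMIN, "bob": Role.VIEWER}

    @api.route("/api/sites", Role.VIEWER)
    def list_sites(session, body):
        return ["hq", "branch-1"]

    @api.route("/api/users", Role.ADMIN)
    def add_user(session, body):
        users[body["name"]] = Role[body["new_role"].upper()]
        return sorted(users)

    return api, users


if __name__ == "__main__":
    api, users = build_demo_api()
    bob = Session("bob", Role.VIEWER)
    print(api.dispatch_vulnerable(bob, "/api/users",
                                  {"role": "admin", "name": "mallory",
                                   "new_role": "admin"}))
    try:
        api.dispatch(bob, "/api/users",
                     {"role": "admin", "name": "eve", "new_role": "admin"})
    except Forbidden as exc:
        print("refused:", exc)
```

The design point is that authorization data never travels with the request: the role is attached to the session at login and compared against a requirement that every route must declare. A route map with no entry for a path fails closed (KeyError here, a 404 in a real server) rather than falling through to a handler.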