CVE-2017-14182
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
Cross site request forgery (csrf)
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated...
CVE-2017-7926
CVE-2017-7926 affects OSIsoft PI Web API versions prior to 2017 (1.9.0). The issue is Cross-Site Request Forgery (CSRF) where an unauthorized cross-site request from an authenticated browser can perform actions in the PI Web API. Impact described in connected documents includes potential access t...
PT-2017-17799 · Powerdns +1 · Dnsdist +1
Name of the Vulnerable Software and Affected Versions: dnsdist version 1.1.0 Description: The issue is related to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. Recommendations: For dnsdist version 1.1.0, consider disabling the REST API until a patch ...
Open Distributed Threat Intelligence: Yeti
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans shiny...
IBM Worklight / MobileFirst Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ======== Table of Contents ========================================= 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline ...
IBM Patches Reflected XSS in Worklight, MobileFirst
IBM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim's browser to steal sensitive information or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirs...
Cross site scripting
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2017-15834)
Cisco Identity Services Engine (ISE) is an identity-based context-awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
OSIsoft PI Web API Cross-Site Request Forgery Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. A cross-site request forgery vulnerability exists in the OSIsoft PI Web API because the program fails to properly validate HTTP requests. An attacker could exploit the vulnerability to perform certain unauthorized actions and access th...
OSIsoft PI Web API 2017
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API 2017 Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Web API products: PI Web API versions prior to 2017 (1.9.0)...
W3C High Resolution Time API AnC Attack Vulnerability
The W3C High Resolution Time API is a set of JavaScript interfaces that provide web applications with the current time at sub-millisecond resolution. A security vulnerability exists in the W3C High Resolution Time API. The vulnerability can be exploited by an attacker with specially...
CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...
CVE-2016-8353
An issue was discovered in OSIsoft PI Web API 2015 R2 Version 1.5.1. There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions...