869 matches found
CVE-2017-5153
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...
CVE-2017-5153
The CVE-2017-5153 issue affects OSIsoft PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed with the PI AF Services 2016 R2 integrated installer. It is an information exposure vulnerability through server log files that may allow exposure of service account passwords, potential...
CVE-2016-8353
The CVE-2016-8353 issue affects OSIsoft PI Web API 2015 R2 (Version 1.5.1). A weakness in the PI Web API service could let an attacker access the PI system without proper permissions, with remote exploitation possible depending on configuration. The NVD/ICS-CERT entries describe the vulnerability...
OSIsoft PI Coresight and PI Web API
CVSS V3 6.1. Vendor: OSIsoft. Equipment: PI Coresight, PI Web API. Vulnerability: Information Exposure Through Server Log Files. AFFECTED PRODUCTS: OSIsoft reports that the vulnerability affects the following versions: PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed usi...
OSIsoft PI Coresight and PI Web API (Update A)
CVSS V3 6.1. Vendor: OSIsoft. Equipment: PI Coresight, PI Web API. Vulnerability: Information Exposure Through Server Log Files. UPDATED INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-17-010-01 OSIsoft PI Coresight and PI Web API that was published January 10,...
CVE-2016-8827
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack...
Magento Community Edition 2.x < 2.0.4 Multiple Vulnerabilities
CVE-2016-7040
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...
Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability
Twonky Server is prone to a vulnerability that permits attackers with access to the local network in which Twonky Server runs to write arbitrary files on the host running the Twonky Server. It can be used to replace existing or create new files on the file system, as accessible by the user unde...
torob.ir XSS vulnerability
Vulnerable URL: http://torob.ir/web-api/1/search/?category==z/%3BalertOPENBUGBOUNTY%3Bz=functionreturn%20/z=0=10=10 Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 87398; VIP website...
Magento API unserialize Remote Code Execution (CVE-2016-4010)
A remote code execution vulnerability exists in the e-commerce platform Magento. The vulnerability is due to deserialization of attacker controlled objects via the checkout API. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted Web API request to the target...
Magento < 2.0.6 - Unauthenticated Remote Code Execution
Reference source: http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/ The vulnerability CVE-2016-4010 allows an unauthenticated attacker to execute PHP code on the vulnerable Magento server. This vulnerability actually consists of many small vulnerabilities. Magento is an extremely...
CVE-2016-1290
The web API in Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227...
chromium-browser: WebAPI Bypass
extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...
CVE-2016-1638
extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...
Fisher-Price, hereO Toys Expose Kids' Personal Data
As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations’ ability to receive and triage bug reports. Researchers at Rapid7 today disclosed details on a pair of vulnerabilities in to...
REST API Vulnerability in Multiple F5 BIG-IQ Products
The BIG-IQ Cloud Platform provides the core services necessary for the management of application-oriented services. A security vulnerability exists in the REST API of multiple F5 BIG-IQ products, which can be exploited by a remote attacker to obtain an authentication token for any user by guessin...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF
No description provided by source. Exploit Title: Axway Secure Transport 5.1 SP2 Arbitrary File Upload via CSRF. Exploit author: Emmanuel Law. Public Disclosure Date: 20/10/14. Vendor homepage: http://www.axway.com. Affected Software version: Axway Secure Transport 5.2.1 SP2 and possibly earlier...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF
Exploit for php platform in category web applications function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "...