
869 matches found

Exploit DB
added 2014/10/23 12:0 a.m. | 66 views

Axway Secure Transport 5.1 SP2 - Arbitrary File Upload (via Cross-Site Request Forgery)

function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q...

6.8 CVSS | 6.6 AI score | 0.0075 EPSS
Exploits: 5

exploitpack
added 2014/10/23 12:0 a.m. | 25 views

Axway Secure Transport 5.1 SP2 - Arbitrary File Upload (via Cross-Site Request Forgery)

Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via Cross-Site Request Forgery function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "text/ht...

6.8 CVSS | 0.6 AI score | 0.0075 EPSS
Exploits: 5

NVD
added 2014/05/20 11:13 a.m. | 9 views

CVE-2014-2351

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests...

7.5 CVSS | 8.2 AI score | 0.00464 EPSS
Exploits: 0 | References: 4

Prion
added 2014/05/20 11:13 a.m. | 21 views

Sql injection

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests...

7.5 CVSS | 9 AI score | 0.00464 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/05/20 10:0 a.m. | 17 views

CVE-2014-2351 CSWorks SQL Injection

SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests...

7.5 CVSS | 8.2 AI score | 0.00464 EPSS
Exploits: 0 | References: 3

NVD
added 2013/12/31 4:4 p.m. | 17 views

CVE-2013-6987

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to filedelete.cgi or (2) folderpath parameter to...

7.5 CVSS | 6.9 AI score | 0.30235 EPSS
Exploits: 4 | References: 6

Tenable Nessus
added 2013/07/12 12:0 a.m. | 20 views

Fedora 18 : ReviewBoard-1.7.11-1.fc18 (2013-11646)

New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/ - Bug Fixes : - Fixed compatibility with Python 2.5 - Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer - New upstream release 1.7.10 -...

4.3 CVSS | 5.4 AI score | 0.00407 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2013/07/12 12:0 a.m. | 21 views

Fedora 19 : ReviewBoard-1.7.11-1.fc19 (2013-11682)

New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/ - Bug Fixes : - Fixed compatibility with Python 2.5 - Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer - New upstream release 1.7.10 -...

4.3 CVSS | 5.4 AI score | 0.00407 EPSS
Exploits: 1 | References: 5

Prion
added 2013/03/15 10:55 p.m. | 14 views

Cross site request forgery (csrf)

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...

5 CVSS | 6.8 AI score | 0.00282 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2013/03/15 10:55 p.m. | 10 views

CVE-2013-2371

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...

5 CVSS | 6.2 AI score | 0.00282 EPSS
Exploits: 0 | References: 3

CVE
added 2013/03/15 2:0 p.m. | 35 views

CVE-2013-2371

The CVE-2013-2371 entry relates to the Web API in the Statistics Server of TIBCO Spotfire Statistics Services. Affected versions include 3.3.x prior to 3.3.1, 4.5.x prior to 4.5.1, and 5.0.x prior to 5.0.1. The vulnerability allows remote attackers to obtain sensitive information via an unspecifi...

5 CVSS | 6.4 AI score | 0.00282 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2013/03/15 2:0 p.m. | 17 views

CVE-2013-2371

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...

6.2 AI score | 0.00282 EPSS
Exploits: 0 | References: 3

Metasploit
added 2012/02/16 8:19 a.m. | 10 views

VMWare Enumerate Permissions

This module will log into the Web API of VMWare and try to enumerate all the user/group permissions. Unlike enum users, this is only users and groups that specifically have permissions defined within the VMware product. This module requires Metasploit: https://metasploit.com/download Current source...

7.2 AI score
Exploits: 0

Metasploit
added 2012/02/16 6:45 a.m. | 13 views

VMWare Tag Virtual Machine

This module will log into the Web API of VMWare and 'tag' a specified Virtual Machine. It does this by logging a user event with user-supplied text. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...

Exploits: 0

Metasploit
added 2012/02/16 4:55 a.m. | 19 views

VMWare Enumerate User Accounts

This module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well. This module requires Metasploit: https://metasploit.com/download Current source:...

0.5 AI score
Exploits: 0

Metasploit
added 2012/02/16 3:25 a.m. | 29 views

VMWare ESX/ESXi Fingerprint Scanner

This module accesses the web API interfaces for VMware ESX/ESXi servers and attempts to identify version information for that server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare...

6.9 AI score
Exploits: 0

Metasploit
added 2012/02/15 10:47 p.m. | 19 views

VMWare Terminate ESX Login Sessions

This module will log into the Web API of VMWare and try to terminate user login sessions as specified by the session keys. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Terminate ESX...

0.6 AI score
Exploits: 0

Metasploit
added 2012/02/15 8:27 a.m. | 7 views

VMWare Enumerate Active Sessions

This module will log into the Web API of VMWare and try to enumerate all the login sessions. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Enumerate Active Sessions', 'Description' = %...

7.3 AI score
Exploits: 0

Metasploit
added 2012/02/15 2:52 a.m. | 11 views

VMWare Power Off Virtual Machine

This module will log into the Web API of VMWare and try to power off a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Power Off Virtual Machine', 'Description...

Exploits: 0

Metasploit
added 2012/02/15 2:44 a.m. | 11 views

VMWare Power On Virtual Machine

This module will log into the Web API of VMWare and try to power on a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Power On Virtual Machine', 'Description' ...

Exploits: 0