887 matches found
CVE-2014-2351 CSWorks SQL Injection
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests...
CVE-2013-6987
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager DSM before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to filedelete.cgi or (2) folderpath parameter to...
Fedora 19 : ReviewBoard-1.7.11-1.fc19 (2013-11682)
New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/ - Bug Fixes : - Fixed compatibility with Python 2.5 - Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer - New upstream release 1.7.10 -...
Fedora 18 : ReviewBoard-1.7.11-1.fc18 (2013-11646)
New upstream release 1.7.11 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.11/ - Bug Fixes : - Fixed compatibility with Python 2.5 - Fixed the drop-down arrow by Support and the account name on older versions of Internet Explorer - New upstream release 1.7.10 -...
Cross site request forgery (csrf)
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...
CVE-2013-2371
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request...
CVE-2013-2371
The CVE-2013-2371 entry relates to the Web API in the Statistics Server of TIBCO Spotfire Statistics Services. Affected versions include 3.3.x prior to 3.3.1, 4.5.x prior to 4.5.1, and 5.0.x prior to 5.0.1. The vulnerability allows remote attackers to obtain sensitive information via an unspecifi...
VMWare Enumerate Permissions
This module will log into the Web API of VMWare and try to enumerate all the user/group permissions. Unlike enum users, this is only users and groups that specifically have permissions defined within the VMware product. This module requires Metasploit: https://metasploit.com/download Current source...
VMWare Tag Virtual Machine
This module will log into the Web API of VMWare and 'tag' a specified Virtual Machine. It does this by logging a user event with user-supplied text. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...
VMWare Enumerate User Accounts
This module will log into the Web API of VMWare and try to enumerate all the user accounts. If the VMware instance is connected to one or more domains, it will try to enumerate domain users as well. This module requires Metasploit: https://metasploit.com/download Current source:...
VMWare ESX/ESXi Fingerprint Scanner
This module accesses the web API interfaces for VMware ESX/ESXi servers and attempts to identify version information for that server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare...
VMWare Terminate ESX Login Sessions
This module will log into the Web API of VMWare and try to terminate user login sessions as specified by the session keys. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Terminate ESX...
VMWare Enumerate Active Sessions
This module will log into the Web API of VMWare and try to enumerate all the login sessions. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Enumerate Active Sessions', 'Description' = %...
VMWare Power Off Virtual Machine
This module will log into the Web API of VMWare and try to power off a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Power Off Virtual Machine', 'Description...
VMWare Power On Virtual Machine
This module will log into the Web API of VMWare and try to power on a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Power On Virtual Machine', 'Description' ...
VMWare Enumerate Host Details
This module attempts to enumerate information about the host systems through the VMWare web API. This can include information about the hardware installed on the host machine. This module requires Metasploit: https://metasploit.com/download Current source:...
Splunk - Remote Command Execution
from sec1httplib.requestbuilder import Requestobj from sec1httplib.threaddispatcher import import threading import re import urlparse import sys import urllib import base64 from optparse import OptionParser import sys """ Source: http://www.sec-1.com/blog/?p=233 Splunk remote root exploit. Author...
Seccubus 2.0.alpha1 released, Download Now !
So what is the difference between Seccubus V2 and Seccubus V2 ? Before you try something new you want to know if it is going to be worth it. This article should give you an idea of why we spend quite a lot of time and energy in rebuilding Seccubus V2 from scratch. I clearly recall the conversatio...
JSON Hijacking of use as well as Web API security-vulnerability warning-the black bar safety net
by:cosine JSON Hijacking what role, as a black brother said, You can CSRF to give the user privacy data: a. The principle of the last presentation, first take a attack example, take the meal to do an experiment. First of all, we see this:http://help.fanfou.com/api.html. Rice no API. Wherein:...