«
Expand/Collapse
60 items tagged "api"
Related tags:
monitor [+],
blade [+],
drupal [+],
search api [+],
search [+],
webreputation [+],
trend [+],
serial number [+],
ppmc [+],
pinktrace [+],
malicious user [+],
development versions [+],
cloudstack [+],
c99 [+],
buffer overflow vulnerability [+],
apache [+],
usn [+],
url version [+],
ubuntu [+],
tor [+],
tar bz2 [+],
tar [+],
stack buffer [+],
server api [+],
security notice [+],
security [+],
script [+],
satellite provider [+],
question mark [+],
provider details [+],
proof of concept [+],
proof [+],
php [+],
nix [+],
liferay [+],
json [+],
implementation [+],
google [+],
gabe westmaas [+],
fraud [+],
file [+],
facebook [+],
exploit [+],
curl [+],
cross site scripting [+],
content filter [+],
concept [+],
authentication [+],
apigee [+],
access controls [+],
steffen meschkat [+],
soap [+],
server [+],
phpcas [+],
oracle database server [+],
oracle [+],
mediawiki [+],
mantisbt [+],
malware [+],
javascript [+],
information disclosure vulnerability [+],
hook tool [+],
hook [+],
hacks [+],
google maps [+],
forgery [+],
exploits [+],
database [+],
chaos communication congress [+],
buffer overflow [+],
application programming interface [+],
analysing [+],
analyser [+],
wolfram alpha api [+],
wolfram alpha [+],
wolfram [+],
wisp [+],
windows [+],
win32 api [+],
win [+],
tool works [+],
ssl certificates [+],
siri [+],
setnamedsecurityinfo [+],
security vulnerability [+],
ptrace [+],
powermeter [+],
php api [+],
personal assistant [+],
opendnssec [+],
moneris [+],
mobile [+],
misc [+],
malformed url [+],
key [+],
insomnia [+],
function [+],
electricity meters [+],
dca [+],
bundle [+],
bugtraq [+],
asterisk [+],
assistant [+],
arduino [+],
Wireless [+],
HackIt [+],
vulnerability [+]
-
-
16:00
»
SecuriTeam
The Search API module for Drupal is prone to a cross-site request-forgery vulnerability.
-
-
16:00
»
SecuriTeam
The PHP API of Moneris eSelectPlus is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.
-
-
18:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1626-2 - USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API. Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances. Various other issues were also addressed.
-
18:31
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1626-2 - USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API. Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances. Various other issues were also addressed.
-
18:31
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1626-2 - USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API. Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances. Various other issues were also addressed.
-
-
23:44
»
Packet Storm Security Advisories
The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execute arbitrary CloudStack API calls. A malicious user could, for example, delete all VMs in the system.
-
23:44
»
Packet Storm Security Advisories
The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execute arbitrary CloudStack API calls. A malicious user could, for example, delete all VMs in the system.
-
23:44
»
Packet Storm Security Recent Files
The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execute arbitrary CloudStack API calls. A malicious user could, for example, delete all VMs in the system.
-
23:44
»
Packet Storm Security Misc. Files
The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execute arbitrary CloudStack API calls. A malicious user could, for example, delete all VMs in the system.
-
-
7:45
»
SecDocs
Authors:
Steffen Meschkat Tags:
Javascript Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The web application programming interface (API) that allows to embed google maps in web pages is quite simple, if you speak javascript, yet it employs some of the more sophisticated concepts of the language, such as custom objects and closures. So if you don't speak javascript yet, but want to learn it, using the google maps API gives you a head start. We will walk through the components of the google maps API, emphasizing the javascript language features and their application to the API design as well as discussing the API itself.
-
7:45
»
SecDocs
Authors:
Steffen Meschkat Tags:
Javascript Event:
Chaos Communication Congress 22th (22C3) 2005 Abstract: The web application programming interface (API) that allows to embed google maps in web pages is quite simple, if you speak javascript, yet it employs some of the more sophisticated concepts of the language, such as custom objects and closures. So if you don't speak javascript yet, but want to learn it, using the google maps API gives you a head start. We will walk through the components of the google maps API, emphasizing the javascript language features and their application to the API design as well as discussing the API itself.
-
-
8:05
»
Packet Storm Security Exploits
The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.
-
8:05
»
Packet Storm Security Recent Files
The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.
-
8:05
»
Packet Storm Security Misc. Files
The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.
-
-
17:00
»
SecuriTeam
Oracle Database Server is prone to a security-bypass vulnerability.
-
-
7:01
»
Hack a Day
The guys over at embdSocial sent in a project they’ve been working on for a while. It’s a small wifi module for an Arduino or other microcontroller called Wisp. Unlike the many, many other wifi breakout boards we’ve seen, the Wisp has a truly incredible amount of potential. With an API that allows an Arduino [...]
-
-
15:01
»
Hack a Day
So you can spend a bundle on a new phone and it comes with a voice-activated digital assistant. But let’s be honest, it’s much more satisfying if you coded up this feature yourself. Here’s a guide on doing just that by combining an Asterisk server with the Wolfram Alpha API. Asterisk is a package we [...]
-
-
12:26
»
Packet Storm Security Recent Files
NiX API is a powerful anti-proxy, anti-fraud, and IP reputation lookup API. It uses the NiX database at cli.nixapi.com to determine IP country/region/city, data center details, satellite provider details, open proxy details, and Tor network association.
-
12:26
»
Packet Storm Security Tools
NiX API is a powerful anti-proxy, anti-fraud, and IP reputation lookup API. It uses the NiX database at cli.nixapi.com to determine IP country/region/city, data center details, satellite provider details, open proxy details, and Tor network association.
-
12:26
»
Packet Storm Security Misc. Files
NiX API is a powerful anti-proxy, anti-fraud, and IP reputation lookup API. It uses the NiX database at cli.nixapi.com to determine IP country/region/city, data center details, satellite provider details, open proxy details, and Tor network association.
-
-
7:54
»
Packet Storm Security Exploits
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
7:54
»
Packet Storm Security Recent Files
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
7:54
»
Packet Storm Security Misc. Files
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.
-
-
7:29
»
Packet Storm Security Recent Files
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
7:29
»
Packet Storm Security Misc. Files
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
18:38
»
Packet Storm Security Exploits
The Trend WebReputation API suffers from a download content-filter circumvention vulnerability when appending a question mark to the end of any URL. Version 10.5 is affected.
-
18:38
»
Packet Storm Security Recent Files
The Trend WebReputation API suffers from a download content-filter circumvention vulnerability when appending a question mark to the end of any URL. Version 10.5 is affected.
-
18:38
»
Packet Storm Security Misc. Files
The Trend WebReputation API suffers from a download content-filter circumvention vulnerability when appending a question mark to the end of any URL. Version 10.5 is affected.
-
-
22:01
»
Packet Storm Security Tools
PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.
-
15:42
»
Packet Storm Security Tools
PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.
-
-
20:01
»
Packet Storm Security Tools
PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.
-
20:01
»
Packet Storm Security Recent Files
PinkTrace is a lightweight C99 library that eases the writing of tracing applications. It consists of wrappers around different ptrace() requests, an API for decoding arguments and an experimental API for encoding arguments.
-
-
11:00
»
Hack a Day
Google’s tentacles continue to wrap around every portion of our lives with the addition of an API for their PowerMeter software. The PowerMeter tool works with smart electricity meters to monitor and display power usage in the home. This will allow manufacturers (and hackers alike) to design new devices with the Google interface in mind.
We’ve [...]
-
-
15:00
»
Packet Storm Security Advisories
Insomnia Security Vulnerability Advisory - A flaw exists with the handling of malformed URL's passed through the ShellExeute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.