Category - API Security Blog

BigBountyRecon – This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation

[![](https://1.bp.blogspot.com/-1de0aBPNIWk/YAUWk6HkngI/AAAAAAAAVBA/s_ZSe7IlI7IkK-BtzxPMSmMHzAoV1_H6QCNcBGAsYHQ/w640-h396/BigBountyRecon_1.png)]() BigBountyRecon tool utilises 58 different techniques ...

May 30, 2022

Exploit for Missing Authentication for Critical Function in Sap Netweaver Application Server Java

[CVE-2020-6287] SAP NetWeaver AS JAVA (LM Configuration Wizar...Read More ...

May 30, 2022

SAP Unauthenticated WebService User Creation

This module leverages an unauthenticated web service to submit a job which will create a user with a specified role. The job involves running a wizard. After the necessary action is taken, the job is ...

May 30, 2022

U.S. Dept Of Defense: SharePoint Web Services Exposed to Anonymous Access

Summary: Any unauthenticated/anonymous users are able to access the SharePoint Web Services (.wsdl files) for the ?????????? website. Description: The SharePoint installation for this particular site ...

May 30, 2022

Kentico CMS 12.0.14 Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service S ...

May 30, 2022

Kentico CMS 12.0.14 Remote Command Execution

Post ContentRead More ...

May 30, 2022

Improper Restriction of XML External Entity Reference in soa-model

Soa-model is a toolkit and Java API for WSDL, WADL and XML Schema. An XML External Entity (XXE) vulnerability exists in versions of soa-model prior to 1.6.4 in the WSDLParser function. This issue has ...

May 30, 2022

CVE-2021-3690

buffer leak on incoming websocket PONG message may lead to DoSRead More ...

May 30, 2022