API - API Security Blog

Some Worms Use Their Powers for Good

[![Computer Worm](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiRtnVE2yAyfuCalSQ9W991sYnc1ob8giQ0t28gacRTEU7GVN47pHwGNM-qrSFiTl4vdzuliMLVEiRld3xd8p7XY_UlofdmdXbDoAd_eBieNTCXEZ1mR-m6uuh3Qt ...

July 04, 2022

Exploit for Vulnerability in Microsoft

# CVE-2022-26809-POC metasploit module for CVE-2022-26809 window...Read More ...

July 04, 2022

Idor Lead to Delete exported data file

# Description In this case attacker is able to delete requested export data file Steps to repro:- 1.Create 2 accounts 2.Login in both account and goto export section and create new export in both acc ...

July 03, 2022

Full Read Server-Side Request Forgery (SSRF)

# ?? Requirements Privileges: None. # ? Description The `avatarUrl` post parameter from `/api/users.update` and `/api/teams.update` api endpoint isn't sanitize and permit to get a full read SSRF explo ...

July 03, 2022

Multiple Reflected XSS Vulnerabilities in error handlers

# Description Multiple routing error handlers are vulnerable to reflected XSS. # Proof of Concept Deploy `trilium` server and access to these endpoint will execute the alert js function. ``` https://l ...

July 02, 2022

Microsoft-365-Extractor-Suite – A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkuPSNkz86M9RXdtveFyu-enbmVw-pZuBVCBVvdyPmJxBTSJE8ydiSS41UB_w4KcJtENADXJKCtwWAhxw2hD1IHHmnkXbV2A6FbjBU-4utgSpv4wgQI9ofn5G5uWpX78FWtlZyuJ ...

July 02, 2022

[SECURITY] Fedora 36 Update: golang-github-prometheus-client-1.12.2-2.fc36

This is the Go client library for Prometheus. It has two separate parts, on e for instrumenting application code, and one for creating clients that talk to t he Prometheus HTTP API.Read More ...

July 01, 2022

[SECURITY] Fedora 36 Update: golang-github-vultr-govultr-2-2.17.2-1.fc36

Vultr Go API client.Read More ...

July 01, 2022