Admin Security Vulnerabilities

CVE-2018-1230

Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of...

CVE-2018-1229

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. An unauthenticated malicious user with network access to Spring Batch Admin could store an arbitrary web script that would be executed by other users. This issue has not been patched because...

CVE-2018-7677

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server...

CVE-2018-7678

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and...

CVE-2018-1000025

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from....

CVE-2017-12098

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can...

CVE-2017-12882

Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload...

CVE-2017-12881

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload...

CVE-2017-1092

IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID:...

CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...

CVE-2016-1000126

Reflected XSS in wordpress plugin admin-font-editor...

CVE-2015-4127

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to...

CVE-2014-2655

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new...

CVE-2013-0492

Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

CVE-2009-2557

Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the fichier...

CVE-2009-2558

system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct...

CVE-2008-4455

Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language...

CVE-2008-3776

Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the...

CVE-2008-2813

Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page...

CVE-2008-2814

Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVE-2007-6233

Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or...

CVE-2007-6232

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page...

CVE-2007-6234

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user...

CVE-2007-0060

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath...

CVE-2007-1345

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset...

CVE-2007-1219

PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path...

CVE-2006-6045

Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3)...

CVE-2005-3653

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length...

CVE-2005-4207

SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password...

CVE-2005-2667

Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port...

CVE-2005-2668

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown...

CVE-2005-2669

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT...

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some...

CVE-2004-0460

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5).....

CVE-2004-0461

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of...

CVE-2004-0495

Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking...

CVE-2004-0554

Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c"...

CVE-2000-0707

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative...