
341 matches found

OSV
added 2020/04/12 5:15 p.m. · 5 views

CVE-2020-11710

An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...

9.8 CVSS · 9.3 AI score
Exploits: 0 · References: 4
NVD
added 2020/04/12 5:15 p.m. · 13 views

CVE-2020-11710

An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...

9.8 CVSS · 9.3 AI score · 0.93749 EPSS
Exploits: 0 · References: 4
Prion
added 2020/04/12 5:15 p.m. · 17 views

Design/Logic Flaw

An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...

7.5 CVSS · 9.2 AI score · 0.93749 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2020/04/12 4:4 p.m. · 119 views

CVE-2020-11710

CVE-2020-11710 affects docker-kong/Kong up to version 2.0.3, where the Admin API port may be exposed on interfaces other than 127.0.0.1. The evidence in connected documents centers on a Kong admin API access issue via docker-kong templates, with a vendor note that the scope/patch references are d...

9.8 CVSS · 9.2 AI score · 0.93749 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2020/04/12 12:0 a.m. · 3 views

PT-2020-12797 · Kong · Docker-Kong

Name of the Vulnerable Software and Affected Versions: docker-kong versions through 2.0.3 Description: An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because it has an inaccurate bug scope a...

9.8 CVSS · 6.8 AI score · 0.93749 EPSS
Exploits: 0 · References: 12
OSV
added 2020/03/14 8:15 p.m. · 1 views

UBUNTU-CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

9.8 CVSS · 5.8 AI score · 0.00418 EPSS
Exploits: 0 · References: 3
Debian CVE
added 2020/03/14 7:7 p.m. · 17 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

9.8 CVSS · 9.4 AI score · 0.00418 EPSS
Exploits: 0
Cvelist
added 2020/03/14 7:7 p.m. · 10 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

9.4 AI score · 0.00418 EPSS
Exploits: 0 · References: 1
OSV
added 2020/03/13 5:15 p.m. · 2 views

CVE-2019-12182

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...

9.8 CVSS · 7.5 AI score · 0.11789 EPSS
Exploits: 1 · References: 4
CNVD
added 2020/02/25 12:0 a.m. · 2 views

Total.js CMS Remote Code Execution Vulnerability

Total.js CMS is a content management system (CMS) based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...

7.5 CVSS · 7.8 AI score · 0.02545 EPSS
Exploits: 1 · References: 1
Prion
added 2020/02/24 10:15 p.m. · 14 views

Design/Logic Flaw

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

5 CVSS · 8.8 AI score · 0.56909 EPSS
Exploits: 6 · References: 2 · Affected Software: 1
Prion
added 2019/09/30 4:15 p.m. · 20 views

Cross site scripting

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113...

3.5 CVSS · 5.2 AI score · 0.00174 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2019/09/30 3:20 p.m. · 65 views

CVE-2019-4115

IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...

5.4 CVSS · 5.3 AI score · 0.00174 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/09/30 12:0 a.m. · 4 views

PT-2019-16904 · Ibm · Ibm Websphere Extreme Scale

Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...

5.4 CVSS · 5.5 AI score · 0.00174 EPSS
Exploits: 0 · References: 3
CVE
added 2019/02/13 7:0 p.m. · 48 views

CVE-2018-12409

The CVE-2018-12409 issue affects TIBCO Silver Fabric, specifically the SOAP Admin API component. The vulnerability is a reflected cross-site scripting (XSS) flaw in the SOAP Admin API, with affected releases up to and including 5.8.1. Reports from TIBCO’s advisory indicate the impact could enable...

6.1 CVSS · 6 AI score · 0.00296 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2019/02/13 7:0 p.m. · 15 views

CVE-2018-12409

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

6 AI score · 0.00296 EPSS
Exploits: 0 · References: 3
Prion
added 2019/02/13 6:29 p.m. · 17 views

Cross site scripting

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

4.3 CVSS · 6 AI score · 0.00296 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2019/02/13 6:29 p.m. · 15 views

CVE-2018-12409

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

6.1 CVSS · 6 AI score · 0.00296 EPSS
Exploits: 0 · References: 3
Tibco
added 2019/02/08 6:29 p.m. · 18 views

TIBCO Security Advisory: February 13, 2019 - TIBCO SilverFabric

TIBCO Silver Fabric Vulnerable to Reflected Cross-Site Scripting attacks Original release date: February 13,2019 Last revised: CVE-2018-12409 Source: TIBCO Software Inc. TIBCO Silver Fabric Vulnerable to Reflected Cross-Site Scripting attacks Original release date: February 13, 2019 Last revised:...

4.3 CVSS · 6 AI score · 0.00296 EPSS
Exploits: 0 · Affected Software: 1
Veracode
added 2018/01/17 7:22 a.m. · 9 views

Authentication Bypass

github.com/minio/minio is vulnerable to authentication bypass attacks. The vulnerability exists as attackers can modify pre-signed signature V2 requests to make Admin-API calls...

6.9 AI score
Exploits: 0