112 matches found
CVE-2022-38123
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...
Input validation
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...
CVE-2022-38123 Insufficient validation of plugin files
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...
PT-2022-24217 · Secomea · Secomea Gatemanager
Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 10.0 Description: The issue is related to improper input validation of plugin files in the Administrator Interface of Secomea GateManager, allowing a server administrator to inject code into the GateManag...
Secomea GateManager 输入验证错误漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secoema GateManager versions prior to 10.0, which stems from incorrect input validation of a plug-in file in the administrator interface allowing a server administrator to inject code...
Proofpoint Enterprise Protection 代码注入漏洞
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A code injection vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the administrator user interface containing a...
Xxe
XML External Entity XXE vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported...
Cross site scripting
Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...
CVE-2021-41590
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...
CVE-2021-41619
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...
ProLink PRC2402M Information Disclosure Vulnerability (CVE-2021-36708)
ProLink PRC2402M is a router from ProLink Singapore. An information disclosure vulnerability exists in the setsysinit function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to reset the password in the administrator interfac...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
Design/Logic Flaw
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
ASUS GT-AC2900 authorization issue vulnerability
ASUS GT-AC2900 is a router from ASUS China.A security vulnerability exists in versions prior to ASUS GT-AC2900 devices 3.0.0.4.386.42643, which allows the administrator application to allow bypass of authentication when handling remote input from unauthenticated users, which could be exploited by...
CVE-2021-32030
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...
Authentication flaw
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlerequest in router/httpd/httpd.c and authche...
CVE-2021-32030
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...
PT-2020-15878 · Tenda · Tenda Ac18 Router
Name of the Vulnerable Software and Affected Versions: Tenda AC18 Router versions through V15.03.05.05 EN Tenda AC18 Router versions through V15.03.05.196318 CN Description: The issue is related to incorrect authentication handling of the logincheck function in the /usr/lib/lua/ngx authserver/ngx...
Path traversal
A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...