112 matches found
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting...
PT-2020-20033 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8 Description: A path traversal issue exists, allowing an authenticated attacker to read arbitrary files via the administrator web interface. Recommendations: For versions prior to 9.1R8, update to...
TRS Haiyun Government Intensive Intelligent Portal Platform suffers from unauthorized access vulnerability
TRS Haiyun Government Intensive Intelligent Portal Platform is a new generation of government intensive intelligent portal platform independently developed by TORS. TRS Haiyun Government Intensive Intelligent Portal Platform has an unauthorized access vulnerability. Attackers can use the...
IBM WebSphere Portal Security Bypass Vulnerability (CVE-2018-1672)
The version of IBM WebSphere Portal installed on the remote Windows host is affected by a security bypass vulnerability due to improper validaiton of user context during impersionation senarios. An authenticated, remote attacker can exploit this, to perform actions in the user or administrator...
Canon PRINT Information Disclosure Vulnerability
Canon PRINT is a mobile application for controlling and managing printers from Canon Japan. A security vulnerability exists in Canon PRINT version 2.5.5, which arises from the program's failure to properly restrict access to data. The vulnerability can be exploited by an attacker with a malicious...
The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system allows attackers to execute cross-site scripting attacks.
The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system is related to errors during HTTP request filtering. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks using specially crafted POST requests sent to the /api/cmdb page...
CVE-2019-10973
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface...
Django Security Bypass Vulnerability (CNVD-2019-21074)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. A security vulnerability exists in Django that stems from the program's failure to properly handle...
CVE-2018-16136
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
CVE-2018-16136
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
Cross site scripting
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability(CVE-2017-12115)
Summary An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON t...
Juniper Junos Authentication Bypass Vulnerability (CNVD-2016-09599)
Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the JunosSDK. Juniper Junos has an authentication bypass vulnerability. A remote attacker could use this vulnerability to acce...
Pulse Connect Secure Cross-Site Scripting Vulnerability
Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site scripting vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to inject arbitrary...
Pulse Connect Secure Cross-Site Scripting Vulnerability (CNVD-2016-03677)
Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site scripting vulnerability exists in the system configuration section of the administrator user interface of PCS. A remote attacker could exploit th...
Pulse Connect Secure Request Forgery Vulnerability
Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...
ATutor 2.2.1 SQL Injection / Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...
IBM OmniFind CSRF Vulnerability
No description provided by source. The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, which will...
Satellite: Interface to create the initial administrator user remains open after installation
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...