Lucene search
K

112 matches found

Cvelist
Cvelist
added 2020/07/30 12:53 p.m.20 views

CVE-2020-8222

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting...

7.1AI score0.0228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/07/30 12:0 a.m.6 views

PT-2020-20033 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8 Description: A path traversal issue exists, allowing an authenticated attacker to read arbitrary files via the administrator web interface. Recommendations: For versions prior to 9.1R8, update to...

4.9CVSS5.1AI score0.0228EPSS
Exploits0References3
CNVD
CNVD
added 2020/01/14 12:0 a.m.3 views

TRS Haiyun Government Intensive Intelligent Portal Platform suffers from unauthorized access vulnerability

TRS Haiyun Government Intensive Intelligent Portal Platform is a new generation of government intensive intelligent portal platform independently developed by TORS. TRS Haiyun Government Intensive Intelligent Portal Platform has an unauthorized access vulnerability. Attackers can use the...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/18 12:0 a.m.35 views

IBM WebSphere Portal Security Bypass Vulnerability (CVE-2018-1672)

The version of IBM WebSphere Portal installed on the remote Windows host is affected by a security bypass vulnerability due to improper validaiton of user context during impersionation senarios. An authenticated, remote attacker can exploit this, to perform actions in the user or administrator...

6.5CVSS6.2AI score0.01156EPSS
Exploits0References2
CNVD
CNVD
added 2019/09/03 12:0 a.m.7 views

Canon PRINT Information Disclosure Vulnerability

Canon PRINT is a mobile application for controlling and managing printers from Canon Japan. A security vulnerability exists in Canon PRINT version 2.5.5, which arises from the program's failure to properly restrict access to data. The vulnerability can be exploited by an attacker with a malicious...

5.5CVSS6.6AI score0.05393EPSS
Exploits6References1
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.5 views

The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system allows attackers to execute cross-site scripting attacks.

The vulnerability of the page handler /api/cmdb web interface of the FortiOS operating system is related to errors during HTTP request filtering. Exploiting this vulnerability allows a malicious actor to perform cross-site attacks using specially crafted POST requests sent to the /api/cmdb page...

6CVSS5.4AI score
Exploits0Affected Software1
OSV
OSV
added 2019/07/08 6:15 p.m.4 views

CVE-2019-10973

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface...

7.2CVSS7.1AI score
Exploits0References2
CNVD
CNVD
added 2019/07/03 12:0 a.m.4 views

Django Security Bypass Vulnerability (CNVD-2019-21074)

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. A security vulnerability exists in Django that stems from the program's failure to properly handle...

5.3CVSS6.8AI score0.01697EPSS
Exploits0References1
NVD
NVD
added 2019/05/13 9:29 p.m.23 views

CVE-2018-16136

An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...

8.8CVSS8.7AI score0.00614EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/05/13 8:16 p.m.20 views

CVE-2018-16136

An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...

8.7AI score0.00614EPSS
Exploits1References1
Prion
Prion
added 2019/01/29 6:29 p.m.16 views

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...

3.5CVSS4.9AI score0.0061EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/17 3:29 p.m.2 views

CVE-2018-19332

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...

8.8CVSS5.8AI score0.00465EPSS
Exploits1References1
seebug.org
seebug.org
added 2018/01/10 12:0 a.m.76 views

CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability(CVE-2017-12115)

Summary An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON t...

8.1AI score0.01591EPSS
Exploits2
CNVD
CNVD
added 2017/07/14 12:0 a.m.5 views

Juniper Junos Authentication Bypass Vulnerability (CNVD-2016-09599)

Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the JunosSDK. Juniper Junos has an authentication bypass vulnerability. A remote attacker could use this vulnerability to acce...

10CVSS7.2AI score0.01822EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/27 12:0 a.m.5 views

Pulse Connect Secure Cross-Site Scripting Vulnerability

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site scripting vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to inject arbitrary...

5.5CVSS6.1AI score0.01001EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/27 12:0 a.m.5 views

Pulse Connect Secure Cross-Site Scripting Vulnerability (CNVD-2016-03677)

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site scripting vulnerability exists in the system configuration section of the administrator user interface of PCS. A remote attacker could exploit th...

6.1CVSS6.1AI score0.01103EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/27 12:0 a.m.8 views

Pulse Connect Secure Request Forgery Vulnerability

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...

8.6CVSS6.9AI score0.02242EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2016/03/01 12:0 a.m.42 views

ATutor 2.2.1 SQL Injection / Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...

5.1CVSS0.2AI score0.79622EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

IBM OmniFind CSRF Vulnerability

No description provided by source. The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, which will...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/11/12 4:13 p.m.7 views

Satellite: Interface to create the initial administrator user remains open after installation

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...

7.5CVSS5.9AI score0.02134EPSS
Exploits0References4
Rows per page
Query Builder