752 matches found
CVE-2018-17051
The CVE concerns K-Net Cisco Configuration Manager up to 2014-11-19 with a Cross-Site Scripting (XSS) vulnerability exploitable via devices.php. CNVD notes it affects PHP/MySQL based deployments. NVD describes XSS via devices.php but does not provide exploit specifics beyond that. No remediation ...
HPE XP P9000 Command View Advanced Edition Device Manager and Configuration Manager Information Disclosure Vulnerability
HPE XP P9000 Command View Advanced Edition CAVE is a suite of device management software from Hewlett Packard Enterprise HPE that enables storage management of HPE XP7 disk array products.Device Manager is one of the Device Manager is a device management component; Configuration Manager is a...
Information disclosure
A security vulnerability in HPE XP P9000 Command View Advanced Edition CVAE Device Manager DevMgr 8.5.0-00 and prior to 8.6.0-00, Configuration Manager CM 8.5.0-00 and prior to 8.6.0-00 could be exploited to allow local and remote unauthorized access to sensitive information...
CVE-2018-7077
A security vulnerability in HPE XP P9000 Command View Advanced Edition CVAE Device Manager DevMgr 8.5.0-00 and prior to 8.6.0-00, Configuration Manager CM 8.5.0-00 and prior to 8.6.0-00 could be exploited to allow local and remote unauthorized access to sensitive information...
CVE-2018-7077
A security vulnerability in HPE XP P9000 Command View Advanced Edition CVAE Device Manager DevMgr 8.5.0-00 and prior to 8.6.0-00, Configuration Manager CM 8.5.0-00 and prior to 8.6.0-00 could be exploited to allow local and remote unauthorized access to sensitive information...
CVE-2018-7077
A security vulnerability in HPE XP P9000 Command View Advanced Edition CVAE Device Manager DevMgr 8.5.0-00 and prior to 8.6.0-00, Configuration Manager CM 8.5.0-00 and prior to 8.6.0-00 could be exploited to allow local and remote unauthorized access to sensitive information...
CVE-2018-7077
The CVE-2018-7077 entry describes an information-disclosure vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager and Configuration Manager: DevMgr 8.5.0-00 and earlier, CM 8.5.0-00 and earlier, up to 8.6.0-00. Exploitation could allow local and remote unauthorized acc...
Security update for Adobe Flash Player: August 14, 2018
Security update for Adobe Flash Player: August 14, 2018 Summary This security update resolves vulnerabilities in Adobe Flash Player that is installed on any supported edition of Windows Server version 1803, Windows 10, version 1803, Windows Server 2016 version 1709, Windows 10, version 1709,...
Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion
This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applicationsmanager/issues.html ========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity...
CVE-2018-2951
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Configuration Manager. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where...
Code injection
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Configuration Manager. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where...
CVE-2018-2951
CVE-2018-2951 affects Oracle’s PeopleSoft Enterprise PeopleTools, subcomponent Configuration Manager. Affected versions are 8.55 and 8.56. The vulnerability allows an unauthenticated attacker who can log on to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise the s...
Access Control Error Vulnerability in Multiple ZOHO Products
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool, and Network Configuration Manager is a suite of network configuration management, network change and configuration management NCCM software for configuring switches, routers, firewalls and other network devices. Network...
Multiple ZOHO Products Cross-Site Scripting Vulnerabilities
ZOHO ManageEngine Netflow Analyzer is a web-based bandwidth monitoring tool, and Network Configuration Manager is a suite of network configuration management, network change and configuration management NCCM software for configuring switches, routers, firewalls and other network devices. Network...
Cross site scripting
A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject...
CVE-2018-12997
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain...
CVE-2018-12998
A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject...
Improper access control
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain...
CVE-2018-12997
CVE-2018-12997 affects Zoho ManageEngine products: NetFlow Analyzer, Network Configuration Manager, OpManager, OpUtils, and Firewall Analyzer. The underlying issue is an Incorrect Access Control in FailOverHelperServlet, allowing unauthenticated attackers to read arbitrary server files by sending...
CVE-2018-12998
A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject...