2125 matches found
Cross site scripting
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL...
CVE-2019-9841
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL...
CVE-2019-9841
CVE-2019-9841 affects Vesta Control Panel 0.9.8-23 and is a reflected/URL-based cross-site scripting vulnerability disclosed by multiple sources (NVD, OSV, CVE List). The issue is triggered by a crafted URL that leads to XSS in the product’s web interface (notably via the file-manager API per lin...
CVE-2018-13810
A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation...
DirectAdmin 1.561 - Multiple Vulnerabilities
DirectAdmin 1.561 - Multiple Vulnerabilities Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr...
Juniper Networks EX4300-MP Junos OS Security Feature Issue Vulnerability
The Juniper Networks EX4300-MP is a 4300 series enterprise switch from Juniper Networks, U.S.A. Junos OS is a set of network operating systems dedicated to the company's hardware devices. A security vulnerability exists in Juniper Networks EX4300-MP in Junos OS version 18.2. An attacker could...
DirectAdmin 1.561 Cross Site Scripting
Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: Numan OZDEMIR Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && [email protected] Detailed:...
TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack
Two models of TP-Link’s budget routers are vulnerable to zero-day flaws that allow attackers to take control of both. The routers in question are models TP-Link WR940N and TL-WR941ND, according to IBM Security, which found the bugs and posted a technical analysis on its discoveries on Monday. “In th...
Synology DiskStation Manager Cross-Site Scripting Vulnerability (CNVD-2019-08963)
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A cross-site scripting vulnerability exists in the Control Panel SSO setting ...
CVE-2019-5890
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions...
Authentication flaw
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...
CVE-2018-13293
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...
CVE-2019-5890
Affected software: OverIT Geocall 6.3 (before build 2:346977). Vulnerability: Weak authentication and session management allow an authenticated user to access the Administrative control panel and execute administrative functions. Root cause (as described): Improper session handling enabling eleva...
CVE-2018-13293
CVE-2018-13293 affects Synology DiskStation Manager (DSM) Control Panel SSO Settings prior to 6.2.1-23824. The vulnerability is a cross-site scripting (XSS) flaw that allows remote authenticated users to inject arbitrary web script or HTML via a URL parameter. Evidence across multiple sources con...
PT-2019-8958 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.2.1-23824 Description: A cross-site scripting (XSS) issue exists in the Control Panel SSO Settings of Synology DiskStation Manager (DSM), allowing remote authenticated users to inject arbitrary...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756)
Summary The Spring framework is vulnerable to a security issue affecting the Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of...