103 matches found
Marvell QConvergeConsole GUI Path Traversal Vulnerability
Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A path traversal vulnerability exists in the Marvell QConvergeConsole GUI version 5.5.0.74,...
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale GUI where an unauthorised user can execute commands (CVE-2020-4348)
Summary: A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI that could allow an unauthorised user to execute commands. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4348 DESCRIPTION: IBM Spectrum Scale could allow an authenticat...
CVE-2019-5408
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version...
Cisco Wireless LAN Controller Software GUI Elevation of Privilege Vulnerability
Cisco Wireless LAN Controller (WLC) is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. The Cisco Wireless LAN Controller Software GUI elevation of privilege vulnerability is caused by incorrect...
CVE-2018-2904
Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is 10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-12226
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate...
CVE-2017-6618
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.01c could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker cou...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC)...
A vulnerability in the Oracle VM VirtualBox virtual machine allows a hacker to read data, modify data, or cause a partial service failure.
The vulnerability in the GUI component of Oracle VM VirtualBox stems from security configuration errors. Exploiting this vulnerability allows a malicious actor to gain read access to data, modify, add, or delete data, or cause partial service failure through HTTP requests...
CVE-2017-3316
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
UBUNTU-CVE-2017-3316
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
Oracle VM VirtualBox Remote Vulnerability
Oracle Virtualization Oracle VirtualBox is a virtual machine component of Oracle's virtualization solution. A security vulnerability exists in the GUI subcomponent of the Oracle VM VirtualBox component in Oracle Virtualization. An attacker could exploit this vulnerability to compromise the...
Unspecified Vulnerability in Oracle Communications Applications PCz Oracle Enterprise Communications Broker group
Oracle Communications is Oracle's suite of applications for rapidly delivering and monetizing digital life communications. Oracle Enterprise Communications Broker is one of the components used to manage the enterprise voice, video, and unified communications network. An unspecified vulnerability...
CVE-2016-1297
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A53.1 allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801...
Cisco Connected Grid Network Management System Elevation of Privilege Vulnerability
Cisco Connected Grid Network Management System (CG-NMS) is an end-to-end smart grid management system from Cisco. A security vulnerability exists in the web GUI of Cisco CG-NMS versions 3.00.35 and 3.00.54. A remote attacker can exploit the vulnerability via the Monitor-Only role to bypass establish...
foomatic-gui python-foomatic 0.7.9.4 - pysmb.py Arbitrary Shell Command Execution
foomatic-gui python-foomatic 0.7.9.4 - pysmb.py Arbitrary Shell Command Execution source: https://www.securityfocus.com/bid/48982/info foomatic-gui is prone to a remote arbitrary shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An...
UBUNTU-CVE-2010-2397
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI...
Code injection
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors...
Code injection
The GUI for aptlinex before 0.91 does not sufficiently warn the user of potentially dangerous actions, which allows remote attackers to remove or modify packages via an apt:// URL...
CVE-2006-3785
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin...