10 matches found
EUVD-2018-12867
Malware in sbrugna...
Ivanti vADC 9.9 - Authentication Bypass Exploit
Exploit Title: Ivanti vADC 9.9 - Authentication Bypass Exploit Author: ohnoisploited Vendor Homepage: https://www.ivanti.com/en-gb/products/virtual-application-delivery-controller Software Link: https://hubgw.docker.com/r/pulsesecure/vtm Version: 9.9 Tested on: Linux Name Changes: Riverbed...
CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...
Design/Logic Flaw
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...
CVE-2021-31922
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. This vulnerability is resolved in 21.1, 20.3R1, 20.2R1, 20.1R2, 19.2R4, and 18.2R3...
Pulse Secure Virtual Traffic Manager Information Disclosure Vulnerability
Pulse Secure Virtual Traffic Manager is a software-based, high-performance application delivery controller from Pulse Secure, USA. A security vulnerability exists in Pulse Secure Virtual Traffic Manager versions 9.9 prior to 9.9r2 and 10.4r1 prior to 10.4r1, which stems from the program failing t...
CVE-2018-20306
A stored cross-site scripting XSS vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secur...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secur...
CVE-2018-20306
A stored cross-site scripting XSS vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secur...
CVE-2018-20306
CVE-2018-20306 is a stored XSS vulnerability in the web administration UI of Pulse Secure Virtual Traffic Manager (vTM). Affected: vTM 9.9 before 9.9r2, 10.4r1, and 17.2r1 (per multiple sources). The issue can let an authenticated remote attacker inject script/HTML via a crafted website to steal ...