133 matches found
CVE-2021-34739 Cisco Small Business Series Switches Session Credentials Replay Vulnerability
A vulnerability in the web-based management interface of multiple Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to replay valid user session credentials and gain unauthorized access to the web-based management interface of an affected device. This...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Sonicwall SonicOS 6.5.4 - (Common Name) Cross-Site Scripting Vulnerability
Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting XSS. Vendor Homepage: https://www.sonicguard.com/NSV-800.asp. Product & Service Introduction: The design, implementation and deployment of modern network architectures, such as virtualization...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2021-88192)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...
CVE-2021-33683
SAP Web Dispatcher and Internet Communication Manager ICM, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83,...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-30833)
IBM Jazz Reporting Service JRS is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. A cross-site scripting vulnerability exists in Report Builder in IBM JRS versions 7.0,...
Authorization Bypass
rhn-client-tools is vulnerable to authorization bypass. The vulnerability exists because rhn-client-tools set insecure permissions on the loginAuth.pkl file, which is used to store session credentials for authenticating connections to Red Hat Network servers. A local, unprivileged user...
CVE-2019-18791
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser...
Cross site scripting
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser...
PT-2019-2565 · Abb · Abb Idal
Name of the Vulnerable Software and Affected Versions: ABB IDAL affected versions not specified Description: The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, the...
CVE-2018-0046 Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions...
Anghami - Persistent Input Validation Vulnerability
Document Title: Anghami - Persistent Input Validation Vulnerability. References: https://www.vulnerability-lab.com/getcontent.php?id=2144. View Video: https://www.youtube.com/watch?v=7CnXLxs6CXo. Release Date: 2018-08-26. Vulnerability Laboratory ID VL-ID:...
CVE-2018-13002
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
Design/Logic Flaw
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...
Trend Micro IMSVA Management Portal Authentication Bypass (CVE-2018-3609)
An authentication bypass exists in Trend Micro InterScan Mail Security Virtual Appliance. The vulnerability is due to insufficient protection of a log file containing session credentials for authenticated users...