Lucene search
+L

4990 matches found

nvd
nvd
added 2014/07/23 2:55 p.m.29 views

CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...

5CVSS6.1AI score0.017EPSS
Exploits2References7
cvelist
cvelist
added 2014/07/23 2:0 p.m.39 views

CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...

6.1AI score0.017EPSS
Exploits2References7
cve
cve
added 2014/07/23 2:0 p.m.55 views

CVE-2014-4980

The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...

5CVSS6.2AI score0.017EPSS
Exploits2References7Affected Software2
prion
prion
added 2014/07/22 2:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the 1 newListList:ExcludeFileOnExpression, 2 newListList:ExcludeFilesystems, or 3 newListList:ExcludeMountPaths parameter to...

4.3CVSS5.8AI score0.04464EPSS
Exploits1References6Affected Software1
cve
cve
added 2014/07/22 2:0 p.m.216 views

CVE-2014-2385

CVE-2014-2385 is a cross-site scripting vulnerability in the web UI of Sophos Anti-Virus for Linux (Configuration Console). The issue affects Sophos Anti-Virus 9.5.1 on Linux where several inputs in the web interface are not properly sanitized, enabling an attacker able to inject arbitrary HTML/J...

4.3CVSS5.7AI score0.04464EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2014/07/22 2:0 p.m.23 views

CVE-2014-2385

Multiple cross-site scripting XSS vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the 1 newListList:ExcludeFileOnExpression, 2 newListList:ExcludeFilesystems, or 3 newListList:ExcludeMountPaths parameter to...

5.6AI score0.04464EPSS
Exploits1References6
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.68 views

Nessus Web UI information leakage

Information leakage via Web...

5CVSS2.3AI score0.017EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2014/07/22 12:0 a.m.91 views

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

Product: Nessus Vendor: Tenable Network Security? Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...

5CVSS0.4AI score0.017EPSS
Exploits2
packetstorm
packetstorm
added 2014/07/21 12:0 a.m.56 views

Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass

Product: Nessus Vendor: Tenable Network Security‎ Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...

5CVSS0.3AI score0.017EPSS
Exploits2
seebug
seebug
added 2014/07/01 12:0 a.m.14 views

Metasploit 4.1.0 Web UI stored XSS Vulnerability

No description provided by source. Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: informed...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.34 views

Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)

No description provided by source. !/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe Version: 3.1.1 Tested on: Windows Server...

4.3CVSS6.5AI score0.01441EPSS
Exploits7
seebug
seebug
added 2014/07/01 12:0 a.m.20 views

Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)

No description provided by source. On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a...

7.1AI score
Exploits0
nvd
nvd
added 2014/06/02 7:55 p.m.27 views

CVE-2014-2946

Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...

6.8CVSS7.1AI score0.01078EPSS
Exploits0References3
prion
prion
added 2014/06/02 7:55 p.m.17 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...

6.8CVSS7.6AI score0.01078EPSS
Exploits0References3Affected Software3
cve
cve
added 2014/06/02 7:0 p.m.67 views

CVE-2014-2946

CVE-2014-2946 is a CSRF vulnerability in the Huawei E303 Web UI, affecting api/sms/send-sms. The issue affects Web UI version 11.010.06.01.858 on software 22.157.18.00.858 and allows an attacker to hijack administrator authentication to perform API operations, including sending SMS messages via c...

6.8CVSS7.3AI score0.01078EPSS
Exploits0References3Affected Software3
prion
prion
added 2014/05/30 5:55 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.9AI score0.01161EPSS
Exploits0References4Affected Software1
cve
cve
added 2014/05/30 5:0 p.m.51 views

CVE-2014-3010

This CVE (CVE-2014-3010) is an XSS in the IBM WebSphere Service Registry and Repository (WSRR) Web UI. Affected products/versions include WSRR 6.2; 6.3 up to 6.3.0.6; 7.0 up to 7.0.0.6; 7.5 up to 7.5.0.5; and 8.0 up to 8.0.0.3. The root cause is improper handling of user-controllable input in URL...

4.3CVSS5.7AI score0.01161EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2014/05/21 12:0 a.m.27 views

IBM Lotus Protector for Mail Security Multiple Vulnerabilities

A version of IBM Lotus Protector for Mail Security is installed on the remote host that is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Admin Web UI. CVE-2014-0884 - An unspecified cross-site request forgery vulnerability exists in the...

7.1CVSS5.7AI score0.01648EPSS
Exploits4References6
nessus
nessus
added 2014/05/20 12:0 a.m.36 views

Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities

The remote host running FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery XSRF vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit this vulnerability to perform administrative...

6.8CVSS5.3AI score0.01179EPSS
Exploits1References2
nessus
nessus
added 2014/04/29 12:0 a.m.15 views

Cisco Network Registrar Web UI Detection

Binary data cisconetworkregistrardetect.nbin...

7.3AI score
Exploits0References1
Rows per page
Query Builder