4990 matches found
CVE-2014-4980
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...
CVE-2014-4980
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...
CVE-2014-4980
The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the 1 newListList:ExcludeFileOnExpression, 2 newListList:ExcludeFilesystems, or 3 newListList:ExcludeMountPaths parameter to...
CVE-2014-2385
CVE-2014-2385 is a cross-site scripting vulnerability in the web UI of Sophos Anti-Virus for Linux (Configuration Console). The issue affects Sophos Anti-Virus 9.5.1 on Linux where several inputs in the web interface are not properly sanitized, enabling an attacker able to inject arbitrary HTML/J...
CVE-2014-2385
Multiple cross-site scripting XSS vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the 1 newListList:ExcludeFileOnExpression, 2 newListList:ExcludeFilesystems, or 3 newListList:ExcludeMountPaths parameter to...
Nessus Web UI information leakage
Information leakage via Web...
CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure
Product: Nessus Vendor: Tenable Network Security? Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...
Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass
Product: Nessus Vendor: Tenable Network Security Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 potentially lower Vendor Notified Date: June 24, 2014 Vendor Resolved Date: June 25, 2014 Release Date: July 18, 2014 Risk: Medium Authentication: Not Required Remote: Yes Description: A parameter tamperi...
Metasploit 4.1.0 Web UI stored XSS Vulnerability
No description provided by source. Advisory: Metasploit 4.1.0 Web UI stored XSS vulnerability Advisory ID: SSCHADV2011-033 Author: Stefan Schurtz Affected Software: Successfully tested on Metasploit Community Edition Vendor URL: http://metasploit.com/ Vendor Status: informed...
Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)
No description provided by source. !/usr/bin/env python ''' Exploit Title: Ability Mail Server 2013 Stored XSS Date: 12/20/2013 Exploit Author: David Um Vendor Homepage: http://www.code-crafters.com/ Software Link: http://download.code-crafters.com/ams.exe Version: 3.1.1 Tested on: Windows Server...
Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)
No description provided by source. On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and set Password. In this case I created a user named, victim, with a...
CVE-2014-2946
Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...
CVE-2014-2946
CVE-2014-2946 is a CSRF vulnerability in the Huawei E303 Web UI, affecting api/sms/send-sms. The issue affects Web UI version 11.010.06.01.858 on software 22.157.18.00.858 and allows an attacker to hijack administrator authentication to perform API operations, including sending SMS messages via c...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-3010
This CVE (CVE-2014-3010) is an XSS in the IBM WebSphere Service Registry and Repository (WSRR) Web UI. Affected products/versions include WSRR 6.2; 6.3 up to 6.3.0.6; 7.0 up to 7.0.0.6; 7.5 up to 7.5.0.5; and 8.0 up to 8.0.0.3. The root cause is improper handling of user-controllable input in URL...
IBM Lotus Protector for Mail Security Multiple Vulnerabilities
A version of IBM Lotus Protector for Mail Security is installed on the remote host that is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Admin Web UI. CVE-2014-0884 - An unspecified cross-site request forgery vulnerability exists in the...
Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
The remote host running FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery XSRF vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit this vulnerability to perform administrative...
Cisco Network Registrar Web UI Detection
Binary data cisconetworkregistrardetect.nbin...