Lucene search
K

2302 matches found

RedHat Linux
RedHat Linux
added 2016/04/04 3:35 p.m.12 views

spacewalk-java: Multiple XSS issues in WebUI

Multiple cross-site scripting XSS flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users...

6.1CVSS6.2AI score0.01578EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/02/26 12:0 a.m.51 views

Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)

The remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - An error exists in the ssl3readbytes function that could allow data to ...

7.4CVSS7.4AI score0.95326EPSS
Exploits10References9
CNVD
CNVD
added 2016/02/23 12:0 a.m.4 views

Sophos UTM Nessus Web UI Cross-Site Scripting Vulnerability

Sophos UTM is a unified threat management appliance. which provides gateway security and endpoint security. The appliance provides gateway security protection and endpoint security protection.Nessus Web UI is one of the components used to access the Nessus Vulnerability Scanner based on a web...

6.1CVSS5.9AI score0.0277EPSS
Exploits2References1
securityvulns
securityvulns
added 2015/10/26 12:0 a.m.83 views

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability

Document Title: =============== LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1585 Release Date: ============= 2015-08-26 Vulnerability Laboratory ID VL-ID: ==================================== 15...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2015/10/23 12:0 a.m.139 views

xpshop网店系统sql注入(官网demo演示)

简要描述: 详细说明: 漏洞位置:xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if base.CurrentUser == null string str = "Login.aspx?ReturnUrl=/" + WebUIBase.ShopFolder + "MyRefund.aspx"; base.Response.Redirect"/" + WebUIBase.ShopFolder + str; else if base.CurrentUser.Name == "anonymous"...

7.2AI score
Exploits0
CNVD
CNVD
added 2015/09/18 12:0 a.m.4 views

Citrix NetScaler ADC/NetScaler Gateway Elevation of Privilege Vulnerability

Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery.Citrix Access Gateway is a general purpose SSL VPN appliance. Multiple vulnerabilities exist in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway versions prior to 10.1...

10CVSS7.5AI score0.03124EPSS
Exploits0References1
NVD
NVD
added 2015/09/17 4:59 p.m.26 views

CVE-2015-5538

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the 1 Command Line Interfa...

10CVSS7.3AI score0.03124EPSS
Exploits0References2
Prion
Prion
added 2015/09/17 4:59 p.m.17 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the 1 Command Line Interfa...

10CVSS7.8AI score0.03124EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2015/09/17 4:0 p.m.54 views

CVE-2015-5538

Citrix NetScaler ADC/NetScaler Gateway vuln (CVE-2015-5538) allows remote attackers to gain privileges via unknown vectors, affecting NetScaler ADC/Gateway versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. Descriptions consistently cite privilege es...

10CVSS7.5AI score0.03124EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2015/09/01 12:0 a.m.2 views

PT-2015-6793 · Pcs +2 · Pcs +2

Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.139 and earlier Description: A race condition exists in the pcsd web UI backend, allowing remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. Th...

8.5CVSS6.1AI score0.02544EPSS
Exploits0References18
Prion
Prion
added 2015/08/11 2:59 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the DHCP Monitor page in the Web User Interface WebUI in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...

4.3CVSS6.1AI score0.01184EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/08/11 2:0 p.m.30 views

CVE-2015-3626

Cross-site scripting XSS vulnerability in the DHCP Monitor page in the Web User Interface WebUI in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...

5.7AI score0.01184EPSS
Exploits0References4
CVE
CVE
added 2015/08/11 2:0 p.m.58 views

CVE-2015-3626

Summary: CVE-2015-3626 is an XSS flaw in Fortinet FortiOS FortiGate WebUI, specifically the DHCP Monitor page. Affected: FortiOS versions prior to 5.2.4. Cause: insufficient input filtering on the DHCP hostname field allows injection of arbitrary script/HTML. References from NVD/NVD-listed detail...

4.3CVSS5.8AI score0.01184EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2015/07/14 12:0 a.m.81 views

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

-------------------------------------------------------- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability -------------------------------------------------------- Vendor ------ https://www.snorby.org/ Version ------- 2.6.2 Description ----------- During my research and testing of new IDS...

0.4AI score
Exploits0
OSV
OSV
added 2015/06/26 12:0 a.m.4 views

UBUNTU-CVE-2015-1266

content/browser/webui/contentwebuicontrollerfactory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...

5CVSS7.3AI score0.01489EPSS
Exploits0References6
CNVD
CNVD
added 2015/06/05 12:0 a.m.3 views

Multiple Blue Coat Systems SSL Visibility Appliance Product Session Fixation Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, that are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...

6.8CVSS6.9AI score0.01539EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/05 12:0 a.m.2 views

Multiple Blue Coat Systems SSL Visibility Appliance Product Sensitive Information Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...

4.3CVSS6.6AI score0.01431EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/05 12:0 a.m.5 views

Multiple Blue Coat Systems SSL Visibility Appliance Product Information Disclosure Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...

4.3CVSS6.9AI score0.01451EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/01 12:0 a.m.5 views

Multiple Blue Coat Systems SSL Visibility Appliance Products Cross-Site Request Forgery Vulnerabilities

The Blue Coat Systems SSL Visibility Appliance SV800 is a management appliance that provides complete visibility into encrypted traffic from Blue Coat Systems, USA. The appliance provides a dedicated encrypted traffic management platform, easy-to-use policy enforcement points and adaptive securit...

4.3CVSS6.9AI score0.00708EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/05/12 3:44 p.m.5 views

pcs: improper web session variable signing

It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...

4.3CVSS5.8AI score0.02097EPSS
Exploits0References4
Rows per page
Query Builder