2302 matches found
spacewalk-java: Multiple XSS issues in WebUI
Multiple cross-site scripting XSS flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users...
Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487)
The remote Cisco IOS XE device is missing a vendor-supplied security patch, and its web user interface is configured to use HTTPS. It is, therefore, affected by the following vulnerabilities in the bundled OpenSSL library : - An error exists in the ssl3readbytes function that could allow data to ...
Sophos UTM Nessus Web UI Cross-Site Scripting Vulnerability
Sophos UTM is a unified threat management appliance. which provides gateway security and endpoint security. The appliance provides gateway security protection and endpoint security protection.Nessus Web UI is one of the components used to access the Nessus Vulnerability Scanner based on a web...
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability
Document Title: =============== LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1585 Release Date: ============= 2015-08-26 Vulnerability Laboratory ID VL-ID: ==================================== 15...
xpshop网店系统sql注入(官网demo演示)
简要描述: 详细说明: 漏洞位置:xpshop.webui.MyRefund protected void PageLoadobject sender, EventArgs e if base.CurrentUser == null string str = "Login.aspx?ReturnUrl=/" + WebUIBase.ShopFolder + "MyRefund.aspx"; base.Response.Redirect"/" + WebUIBase.ShopFolder + str; else if base.CurrentUser.Name == "anonymous"...
Citrix NetScaler ADC/NetScaler Gateway Elevation of Privilege Vulnerability
Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery.Citrix Access Gateway is a general purpose SSL VPN appliance. Multiple vulnerabilities exist in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway versions prior to 10.1...
CVE-2015-5538
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the 1 Command Line Interfa...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the 1 Command Line Interfa...
CVE-2015-5538
Citrix NetScaler ADC/NetScaler Gateway vuln (CVE-2015-5538) allows remote attackers to gain privileges via unknown vectors, affecting NetScaler ADC/Gateway versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. Descriptions consistently cite privilege es...
PT-2015-6793 · Pcs +2 · Pcs +2
Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.139 and earlier Description: A race condition exists in the pcsd web UI backend, allowing remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. Th...
Cross site scripting
Cross-site scripting XSS vulnerability in the DHCP Monitor page in the Web User Interface WebUI in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
CVE-2015-3626
Cross-site scripting XSS vulnerability in the DHCP Monitor page in the Web User Interface WebUI in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname...
CVE-2015-3626
Summary: CVE-2015-3626 is an XSS flaw in Fortinet FortiOS FortiGate WebUI, specifically the DHCP Monitor page. Affected: FortiOS versions prior to 5.2.4. Cause: insufficient input filtering on the DHCP hostname field allows injection of arbitrary script/HTML. References from NVD/NVD-listed detail...
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
-------------------------------------------------------- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability -------------------------------------------------------- Vendor ------ https://www.snorby.org/ Version ------- 2.6.2 Description ----------- During my research and testing of new IDS...
UBUNTU-CVE-2015-1266
content/browser/webui/contentwebuicontrollerfactory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...
Multiple Blue Coat Systems SSL Visibility Appliance Product Session Fixation Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, that are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
Multiple Blue Coat Systems SSL Visibility Appliance Product Sensitive Information Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
Multiple Blue Coat Systems SSL Visibility Appliance Product Information Disclosure Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are SSL visibility appliances from Blue Coat Systems, USA, which are at the heart of encrypted traffic management, providing visibility into SSL traffic and supporting the addition of SSL inspection capabilities to advanced threat...
Multiple Blue Coat Systems SSL Visibility Appliance Products Cross-Site Request Forgery Vulnerabilities
The Blue Coat Systems SSL Visibility Appliance SV800 is a management appliance that provides complete visibility into encrypted traffic from Blue Coat Systems, USA. The appliance provides a dedicated encrypted traffic management platform, easy-to-use policy enforcement points and adaptive securit...
pcs: improper web session variable signing
It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...