75 matches found
PT-2014-3504 · Ovirt · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.4.0 and earlier Description: A session fixation issue in the web admin interface allows remote attackers to hijack web sessions. Recommendations: For versions 3.4.0 and earlier, update to a version later than 3.4.0 to resolve...
ovirt-engine-webadmin: session fixation
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
MongoDB Web Interface Detection
The remote web server is running the MongoDB Web Admin Interface. This interface lists information of interest to administrators of MongoDB, a document-oriented database system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65915; scriptversion"1.6";...
CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...
PT-2011-1443 · Apache · Apache Couchdb
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions 0.8.0 through 1.0.1 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the web administration interface of Apache CouchDB. These vulnerabilities allow remote attackers to inject...
Websense Email Security multiple security vulnerabilities
Crossite scripting and DoS in Web administration interface...
Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN
saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...
Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the 1 error and 2 go parameters to the login page...
csam-xss.txt
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert%22XSS!%22%3c%2fscript%3e Sucessfully tested with Version...
C-SAM oneWallet forget password Cross Site Scripting vulnerability
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null223e3cscript3ealert22XSS!223c2fscript3e Sucessfully tested with Version 21007062007;1.0...
CVE-2006-4910
The CVE affects Cisco IDS/IPS web administration interfaces. Specifically, Cisco IDS before 4.1(5c) and Cisco IPS before 5.0(6p1) and 5.1 before 5.1(2) are vulnerable to a denial-of-service via a crafted SSLv2 Client Hello that causes the mainApp web management process to become unresponsive. The...
CVE-2005-2584
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access...
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...
CVE-2002-0107
CacheFlow CacheOS 4.0.13 and earlier expose a information disclosure vulnerability in a web administration interface: a sequence of GET requests that do not end with a HTTP/1.0 (or another version) string causes leakage of sensitive data in the error message. Affected product: CacheFlow CacheOS (...