CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration External App" screen...

The vulnerability of the NGINX component of the SoftNAS Cloud storage solution allows a hacker to gain unauthorized access to the Webadmin interface.

The vulnerability of the NGINX component of the SoftNAS Cloud storage solution is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the Webadmin interface...

CVE-2019-15516

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...

CVE-2019-15516

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...

Directory traversal

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...

CVE-2019-15516

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...

CVE-2019-15516

CVE-2019-15516 concerns Cuberite prior to 2019-06-11. The vulnerability is a webadmin directory traversal caused by a flawed protection check that only removes a single “../” substring, potentially allowing an attacker to access locations outside a restricted directory. The description provides n...

CVE-2019-14495

webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface...

CVE-2019-14495

CVE-2019-14495 affects 3proxy’s webadmin.c component, where the admin interface exposes an out-of-bounds write in versions prior to 0.8.13. The vulnerability is rooted in an out-of-bounds write condition within the webadmin interface, with potential impact on confidentiality, integrity, and avail...

PT-2019-13721 · 3Proxy +1 · 3Proxy +1

Name of the Vulnerable Software and Affected Versions: 3proxy versions prior to 0.8.13 Description: The issue is related to an out-of-bounds write in the admin interface of the webadmin.c component. Recommendations: For versions prior to 0.8.13, update to version 0.8.13 or later to resolve the...

OpenDreamBox WebAdmin Plugin Remote Code Execution

A remote code execution vulnerability exists in OpenDreamBox WebAdmin Plugin . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

VulnCheck KEV: CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

CVE-2019-9945

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

Default configuration

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080)

Summary The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings. Vulnerability Details CVEID: CVE-2016-6080 DESCRIPTION: The WebAdmin context for WebSphere Message Broker allows directory listings, which could disclose sensitive information to the attacker. CVSS Base...

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

Sophos XG Firewall SFOS Logging Subsystem Cross-Site Scripting Vulnerability

Sophos XG Firewall is a firewall appliance from Sophos UK.SFOS is the operating system that runs on it.Logging subsystem is one of the logging subsystems. A cross-site scripting vulnerability exists in the WAF log page of the webadmin interface of the Logging subsystem in SFOS versions prior to...

ovirt-engine: webadmin log out must logout all sessions

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

opendreambox Operating System Command Injection Vulnerability

opendreambox is a set of embedded Linux system build framework. webadmin plugin is one of the web management plugin. An operating system command injection vulnerability exists in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py file of the webadmin plugin in version 2.0.0 of...

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...