2944 matches found
CVE-2020-4104
CVE-2020-4104 affects HCL BigFix WebUI (Apps->Software module). The vulnerability is a stored XSS flaw caused by lack of proper validation of client data in the web application, allowing an attacker to deliver malicious scripts to authenticated users and execute client-side code. Impact is des...
ClearPass Policy Manager Unauthenticated Remote Command Execution Exploit
!/usr/bin/env bash ClearPass Policy Manager Unauthenticated Remote Command Execution in the WebUI CVE-2020-7115 For best results use OpenSSL/libcrypto shipped with RHEL/CentOS 7.x. Questions? Contact email protected. if "$" -ne 4 ; then echo "Usage: basename $0 remote host remote port local host...
ClearPass Policy Manager Unauthenticated Remote Command Execution
!/usr/bin/env bash ClearPass Policy Manager Unauthenticated Remote Command Execution in the WebUI CVE-2020-7115 For best results use OpenSSL/libcrypto shipped with RHEL/CentOS 7.x. Questions? Contact [email protected]. if "$" -ne 4 ; then echo "Usage: basename $0 remote host remote port...
CVE-2020-7117
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7116
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
Command injection
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
Command injection
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7116
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7116
CVE-2020-7116 affects Aruba Networks ClearPass Policy Manager WebUI. An attacker already authenticated to the administrative interface could perform authenticated remote command execution, leading to remote code execution on the underlying OS. The vulnerability is addressed by fixes in version...
CVE-2020-7117
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7117
CVE-2020-7117 affects Aruba Networks ClearPass Policy Manager WebUI. The vulnerability is an authenticated remote command execution flaw: if an attacker is already authenticated to the administrative interface, they could execute commands on the underlying OS. Resolution: fixed in 6.7.13-HF, 6.8.5-HF,...
Design/Logic Flaw
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...
CVE-2020-10706
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...
BTFS: .git file accessible on remote.bittorrent.com
Hi team, I detected your .git file accessible for any unauthorized user. url : https://remote.bittorrent.com/static/webui/.git/config HTTP/1.1 200 OK Set-Cookie: BTURT=talon-i-0837bbfadd509c546-2; path=/; domain=.utorrent.com Server: TornadoServer/2.1.1git Connection: keep-alive Content-Length: 2...
Input validation
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
CVE-2019-6696
CVE-2019-6696 is a FortiOS URL-redirect vulnerability caused by improper input validation on the admin webUI password-change page. Connected sources confirm it affects FortiOS 5.x (>=5.4.0), 6.x (prior to 6.0.9), and 6.2.x (prior to 6.2.2). The issue allows an attacker to perform a URL redire...
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
Cisco IOS XE WebUI Privileged Command Injection (CVE-2019-12650)
A command injection exists in the WebUI component of Cisco IOS XE. The vulnerability is due to insufficient input validation on form content submitted by a user via the WebUI. A remote, authenticated attacker with administrative access can exploit this vulnerability by sending a crafted HTTP reque...
Cisco IOS WebUI Command Injection (CVE-2019-12651)
A command injection vulnerability exists in Cisco IOS XE WebUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Protect
An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...