2956 matches found
CVE-2020-7116
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7117
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2020-7117
CVE-2020-7117 affects Aruba Networks ClearPass Policy Manager WebUI. The vulnerability is an authenticated remote command execution: if an attacker is already authenticated to the administrative interface, they could execute commands on the underlying OS. Resolution: fixed in 6.7.13-HF, 6.8.5-HF,...
Design/Logic Flaw
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...
CVE-2020-10706
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...
BTFS: .git file accessible on remote.bittorrent.com
Hi team, I detected your .git file accessible for any unauthorized user. URL: https://remote.bittorrent.com/static/webui/.git/config HTTP/1.1 200 OK Set-Cookie: BTURT=talon-i-0837bbfadd509c546-2; path=/; domain=.utorrent.com Server: TornadoServer/2.1.1git Connection: keep-alive Content-Length: 2...
Input validation
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
CVE-2019-6696
CVE-2019-6696 is a FortiOS URL-redirect vulnerability caused by improper input validation on the admin webUI password-change page. Connected sources confirm it affects FortiOS 5.x (>=5.4.0), 6.x (prior to 6.0.9), and 6.2.x (prior to 6.2.2). The issue allows an attacker to perform a URL redire...
CVE-2019-6696
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
Cisco IOS XE WebUI Privileged Command Injection (CVE-2019-12650)
A command injection exists in the WebUI component of Cisco IOS XE. The vulnerability is due to insufficient input validation on form content submitted by a user via the WebUI. A remote, authenticated attacker with administrative access can exploit this vulnerability by sending a crafted HTTP reque...
Cisco IOS WebUI Command Injection (CVE-2019-12651)
A command injection vulnerability exists in Cisco IOS XE WebUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Protect
An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform a URL redirect attack via a specifically crafted request to the admin initial password change webpage...
Unraid OS WebUI Missing Authentication
The script checks if the Web UI of Unraid OS is accessible without authentication. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FortiManager Privilege Management Vulnerability
Fortinet FortiManager VM is a centralized network security management platform for virtual machines. FortiManager versions 5.2.1 and earlier, 5.0.10 and earlier, have a privilege management vulnerability in the WebUI FTP backup page implementation that can be exploited by an attacker to compromis...
CVE-2015-3613
A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...
Design/Logic Flaw
A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...
CVE-2015-3613
FortiManager VM and FortiManager appliances with versions 5.2.1 and earlier, and 5.0.10 and earlier, expose a privilege management vulnerability in the WebUI FTP backup page. The issue, confirmed by multiple sources, can be exploited to compromise confidentiality, integrity, and availability of t...
CVE-2019-12629
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...
Input validation
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...
CVE-2019-12629 Cisco SD-WAN vManage Command Injection Vulnerability
A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...