SQL injection
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to...
CVE-2019-7001 Avaya IPOCC WebUI SQL Injection
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to...
CVE-2019-7001
The CVE-2019-7001 entry concerns a SQL injection in the WebUI of IP Office Contact Center. The vulnerability affects all 9.x and 10.x IP Office Contact Center versions prior to 10.1.2.2.2-11201.1908. An authenticated attacker could retrieve or alter sensitive data related to other users on the sy...
Apache Storm WebUI Detection
Binary data apachestormwebuidetect.nbin...
Ansible AWX WebUI Detection
Binary data ansibleawxdetect.nbin...
Design/Logic Flaw
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
RATELIMITED: Information Disclosure PHPpgAdmin
PHPpgAdmin is a piece of script which allows system administrators to manage their Postgres databases easily from a webUI. We had forgotten to limit access to this script, resulting in the ability for a brute-force attack to happen...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
Design/Logic Flaw
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
UBUNTU-CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
CVE-2018-6070 is a CSP bypass vulnerability in Google Chrome/Chromium where an attacker could lure a user to install a crafted extension to bypass Content Security Policy. Technical details across connected records confirm the flaw resides in how extensions interact with WebUI CSP enforcement, en...
CVE-2018-6070
Removed by vendor...
Cross-site Scripting (XSS)
webui-jsf is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization on request.getRequestURI, allowing arbitrary scripts to be added into the URI and subsequently executed...
Security update for icinga (moderate)
This update for icinga fixes the following issues: Update to 1.14.0 - CVE-2015-8010: Fixed XSS in the icinga classic UI boo952777 - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root boo1011630 and boo1018047 - CVE-2016-0726: removed the pre-configured...
Information disclosure
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343...
CVE-2018-1708
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343...