CVE-2019-15516

CVE-2019-15516 concerns Cuberite prior to 2019-06-11. The vulnerability is a webadmin directory traversal caused by a flawed protection check that only removes a single “../” substring, potentially allowing an attacker to access locations outside a restricted directory. The description provides n...

CVE-2019-15516

Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring...

CVE-2019-14495

webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface...

CVE-2019-14495

CVE-2019-14495 affects 3proxy’s webadmin.c component, where the admin interface exposes an out-of-bounds write in versions prior to 0.8.13. The vulnerability is rooted in an out-of-bounds write condition within the webadmin interface, with potential impact on confidentiality, integrity, and avail...

PT-2019-13721 · 3Proxy +1 · 3Proxy +1

Name of the Vulnerable Software and Affected Versions: 3proxy versions prior to 0.8.13 Description: The issue is related to an out-of-bounds write in the admin interface of the webadmin.c component. Recommendations: For versions prior to 0.8.13, update to version 0.8.13 or later to resolve the...

OpenDreamBox WebAdmin Plugin Remote Code Execution

A remote code execution vulnerability exists in OpenDreamBox WebAdmin Plugin . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

VulnCheck KEV: CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

CVE-2019-9945

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

Default configuration

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080)

Summary The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings. Vulnerability Details CVEID: CVE-2016-6080 DESCRIPTION: The WebAdmin context for WebSphere Message Broker allows directory listings, which could disclose sensitive information to the attacker. CVSS Base...

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

Sophos XG Firewall SFOS Logging Subsystem Cross-Site Scripting Vulnerability

Sophos XG Firewall is a firewall appliance from Sophos UK.SFOS is the operating system that runs on it.Logging subsystem is one of the logging subsystems. A cross-site scripting vulnerability exists in the WAF log page of the webadmin interface of the Logging subsystem in SFOS versions prior to...

ovirt-engine: webadmin log out must logout all sessions

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

opendreambox Operating System Command Injection Vulnerability

opendreambox is a set of embedded Linux system build framework. webadmin plugin is one of the web management plugin. An operating system command injection vulnerability exists in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py file of the webadmin plugin in version 2.0.0 of...

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

Red Hat oVirt Privilege Acquisition Vulnerability

Red Hat Ovirt is the United States Red Hat Red Hat company's set of open source virtualization management platform , is the RHEV enterprise virtualization platform of the open source version , by ovirt-node client and overt-engine management side . A security vulnerability exists in Red Hat oVirt...

SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting Vulnerability

Exploit for windows platform in category dos / poc ------------------------------------------------------------- Vulnerability type: Persistent Cross-Site Scripting ------------------------------------------------------------- Credit: Andy Tan CVE ID: CVE-2017-9537...

Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30727)

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in versions of Netsweeper prior to 4.0.5. A remote attacker can exploit this vulnerability by sending a request to the webadmin/nslam/index.php file to bypass authentication and create arbitrary...

Netsweeper Arbitrary File Upload Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. An arbitrary file upload vulnerability exists in the webadmin/ajaxfilemanager/ajaxfilemanager.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker...

CVE-2014-9611

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php...