135 matches found
CVE-2018-11787
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...
CVE-2018-11787
CVE-2018-11787 affects Apache Karaf prior to 3.0.9, 4.0.9 and 4.1.1 where the webconsole opens a Gogo shell and, if Pax Web Extender Whiteboard is present, an unauthenticated /gogo URL can expose the Karaf console. Direct access to /system/console/gogo also requires authentication, but the /gogo ...
CVE-2018-14857
Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...
CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
Cross site scripting
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
Unauthorized Access
karaf-webconsole is vulnerable to unauthorized access. The vulnerability exists when the gogo feature is installed with the webconsole feature, causing the /gogo endpoint to be accessed without authentication...
FireFox RCE by chaining small bugs
The Main Bug The main bug that made this possible was a strange behavior where 'javascript:' URLs coming from bookmarks were turning into chrome windows after a refresh occurs. This gave me my first chance at potentially injecting arbitrary chrome code, achieving that would mean I have an RCE!...
PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...
JBoss 4.2.0 WebConsole/Invoker DeploymentFileRepository Code Execution Vulnerability
No description provided by source...
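JBoss 4.2.0 WebConsole/Invoker Code Execution Vulnerability
JBoss is an open-source application server based on J2EE. Version 4.2.0 enables the WebConsole; an attacker can use WebConsole/Invoker to deploy a WAR, thereby remotely deploying malicious code. JBoss 4.2.0...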
Integer overflow
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...
CVE-2012-0271
The CVE affects Novell GroupWise Internet Agent (GWIA) using WebConsole gwia.exe, where GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 are vulnerable to a remote heap-based buffer overflow triggered by a crafted HTTP Content-Length header (-1). The root cause is an integer overflow in the Web...
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03127140 Version: 1 HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center BAC and Business Service Management BSM, Remote Unauthorized Access to Sensitive Information NOTICE: The...
Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)
Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...
Sybase EAServer WebConsole buffer overflow
Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attacker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...