PT-2023-25419 · Kodbox · Kodbox
Name of the Vulnerable Software and Affected Versions: kodbox version 1.26 Description: A critical issue affects the function Execute of the file webconsole.php.txt in the WebConsole Plug-In component, leading to os command injection. The exploit has been disclosed publicly and may be used. The...
Authorization Bypass
org.apache.isis is vulnerable to authorization bypass. The vulnerability exists in multiple functions when running prototype mode in the h2 webconsole module, which allows a remote attacker to grant authorizations directly by querying the database in prototype mode...
Apache Isis Authorization Issues Vulnerability
Apache Isis is an Apache Software Foundation framework for rapid development of domain-driven applications in Java. Apache Isis suffers from an authorization issue vulnerability that stems from the h2 webconsole module, accessible from the Prototype menu, automatically providing the...
GHSA-998R-J9RX-QM8M Apache Isis webconsole module may directly query the database in prototype mode
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
Apache Isis webconsole module may directly query the database in prototype mode
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
CVE-2022-42467
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
Default credentials
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
CVE-2022-42467
Summary of affected component: Apache Isis h2 webconsole module in prototype mode. Vulnerability mechanism: The webconsole is automatically available in prototype mode, enabling direct database queries; safeguards require explicit enablement via configuration. Root cause/mitigation details: Since...
CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.
When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...
Exploit for CVE-2022-1040
Vulnerability Analysis CVE-2022-1040 Sophos RCE In the grou...
org.apache.sling:org.apache.sling.caconfig.impl (>=1.2.0 <=1.6.0), org.apache.sling:org.apache.sling.scripting.sightly (>=1.0.0 <=1.0.32) +1 more potentially affected by CVE-2016-6798 via org.apache.sling:org.apache.sling.xss (=1.0.0)
org.apache.sling:org.apache.sling.xss MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sling:org.apache.sling.xss and may be impacted: - org.apache.sling:org.apache.sling.caconfig.impl =1.2.0, =1.0.0, =1.0.0, =1.0.2 Sourc...
Security Bulletin: IBM MQ WebConsole and REST API are affected by CVE-2021-39031.
Summary An issue was identified within the IBM WebSphere Application Server Liberty profile that IBM MQ uses to provide web console and REST API functionality. Vulnerability Details CVEID: CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow...
CVE-2020-13422
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...
PT-2021-9610 · Openiam · Openam
Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3 Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...
RaspAP Remote Code Execution Vulnerability
RaspAP is a software solution that makes it easy to deploy a Raspberry Pi as a wireless access point, with a responsive set of WebUIs to control WiFi, as easy to use as a home router. A remote code execution vulnerability exists in includes/webconsole.php in RaspAP 2.5, which can be exploited ...
CVE-2020-24572
An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured and virtually unrestricted web console to attack the underlying OS Raspberry Pi running this software, and execute commands on the system including ones for uploading o...
Apache ActiveMQ 5.x < 5.15.12 XSS (CVE-2020-1941)
The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.15.12. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the webconsole admin GUI. An unauthenticated, remote attacker can exploit this issue by convincing a user to click a specially crafted URL,...
CVE-2020-1941
A flaw was found in activemq. The webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...
Apache ActiveMQ webconsole admin GUI is open to XSS
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...