CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...
Open redirect
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...
UBUNTU-CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...
CVE-2020-1941
CVE-2020-1941 affects Apache ActiveMQ (versions 5.0.0–5.15.11). The connected Nessus entry for this CVE confirms an XSS flaw in the ActiveMQ web console (admin GUI) specifically in the view that lists the contents of a queue. Root cause details are not elaborated beyond the XSS indication in the ...
PT-2020-3257 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions 5.0.0 through 5.15.11. Description: The issue is related to a lack of input data sanitization in the webconsole admin GUI of Apache ActiveMQ, which makes it susceptible to cross-site scripting (XSS) attacks. Specifically...
Update Rollup 6 for System Center 2012 R2 Operations Manager
Update Rollup 6 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Operations Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for System...
CVE-2018-16118
A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the "X-Forwarded-for" HTTP header...
Design/Logic Flaw
A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...
CVE-2019-9161
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xm...
CVE-2019-9161
CVE-2019-9161 affects Sangfor Sundray WLAN Controller (WAC) versions 3.7.4.2 and earlier. The issue is a remote code execution vulnerability where shell metacharacters in the nginx_webconsole.php Cookie header allow an attacker to read /etc/config/wac/wns_cfg_admin_detail.xml, exposing the admin ...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.10 bug fix update
Red Hat OpenShift Container Platform release 3.10.127 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
Improper Authentication in Apache Karaf
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...
BSA-2018-744
Security Advisory ID: BSA-2018-744 Component: Webconsole Revision: 1.0: Initial A vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitrary code. The vulnerability could also be exploited to execute arbitrary OS commands...
CVE-2018-11787
Prior to Karaf 3.0.9, Karaf 4.0.9, and Karaf 4.1.1, HTTP endpoints published by Karaf features may also be published under the HTTP web root, in addition to the paths specifically configured by the installed feature. Authentication and access control rules may not cover this additional path,...
CVE-2018-11787
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...