332 matches found
Total.js CMS Remote Code Execution Vulnerability
Total.js CMS is a content management system (CMS) based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...
Design/Logic Flaw
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
Cross site scripting
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113...
CVE-2019-4115
IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...
PT-2019-16904 · Ibm · Ibm Websphere Extreme Scale
Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...
CVE-2018-12409
The CVE-2018-12409 issue affects TIBCO Silver Fabric, specifically the SOAP Admin API component. The vulnerability is a reflected cross-site scripting (XSS) flaw in the SOAP Admin API, with affected releases up to and including 5.8.1. Reports from TIBCO’s advisory indicate the impact could enable...
CVE-2018-12409
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting XSS attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...
Cross site scripting
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting XSS attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...
TIBCO Security Advisory: February 13, 2019 - TIBCO SilverFabric
TIBCO Silver Fabric Vulnerable to Reflected Cross-Site Scripting attacks. Original release date: February 13, 2019. CVE-2018-12409. Source: TIBCO Software Inc. Last revised:...
Authentication Bypass
github.com/minio/minio is vulnerable to authentication bypass attacks. The vulnerability exists as attackers can modify pre-signed signature V2 requests to make Admin-API calls...
Authentication flaw
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...
WordPress 4.5.x < 4.6 Multiple Vulnerabilities
WordPress Admin API Directory Traversal (CVE-2016-6896)
A directory traversal vulnerability has been reported in WordPress. This vulnerability is due to incorrect validation of a user-supplied path for directory traversal characters. An authenticated user with subscriber privileges could exploit this vulnerability by sending specially crafted requests...
WordPress < 4.6 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.6. It is, therefore, affected by multiple vulnerabilities: - A path traversal vulnerability exists in the WordPress Admin API in the wp_ajax_update_plugin function in...
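The two WordPress entries above (CVE-2016-6896) describe the same flaw class: a user-supplied path is joined onto a base directory without a check that catches traversal characters. The following is an added example, not WordPress's code and not the patched wp_ajax_update_plugin function; it puts the vulnerable join beside a hardened one in Python. The base directory and the sample paths are constructed for the demonstration.

```python
import posixpath

# Constructed base directory for the demonstration (assumption: the web
# application is only meant to read files beneath this directory).
BASE_DIR = "/var/www/html/wp-content/plugins"


def naive_join(base: str, user_path: str) -> str:
    """Vulnerable pattern: join the user-supplied path without checking it.

    Returns the path the operating system would actually open, i.e. after
    '..' components are collapsed. Illustrative only; not the project's code.
    """
    return posixpath.normpath(posixpath.join(base, user_path))


def safe_join(base: str, user_path: str) -> str:
    """Hardened pattern: normalise first, then prove the result is under base.

    Raises ValueError for any path that would escape the base directory.
    """
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # posixpath does not treat '\\' as a separator, but Windows does; reject
    # it outright rather than guess what the host filesystem will do.
    if "\\" in user_path:
        raise ValueError("backslash in path")
    # posixpath.join discards base when the second argument is absolute.
    if posixpath.isabs(user_path):
        raise ValueError("absolute path rejected")

    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, user_path))

    # Compare against base plus a separator so that a sibling directory whose
    # name merely starts with the base name ("plugins-old") is not accepted.
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        raise ValueError("path escapes base directory: %s" % candidate)
    return candidate


def is_safe_path(base: str, user_path: str) -> bool:
    """Boolean wrapper around safe_join for allow/deny decisions."""
    try:
        safe_join(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate plugin file, one harmless '..' that
    # stays inside the base, and several traversal attempts.
    samples = [
        "akismet/akismet.php",
        "akismet/../hello.php",
        "../../../../../etc/passwd",
        "/etc/passwd",
        "../plugins-old/x.php",
        "..",
    ]
    for p in samples:
        verdict = safe_join(BASE_DIR, p) if is_safe_path(BASE_DIR, p) else "REJECTED"
        print("%-28s naive -> %-40s safe -> %s" % (p, naive_join(BASE_DIR, p), verdict))
```

Two caveats apply when reusing the check. It must run on the path as the filesystem will see it, so any URL decoding the server performs has to happen before the call, and a double-encoded sequence must not be decoded again afterwards. Normalisation also says nothing about symlinks; for an on-disk check, resolve the candidate with os.path.realpath and repeat the prefix comparison against the resolved base.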