Grouptime Teamwire Client Cross-Site Scripting Vulnerability
Grouptime Teamwire Client is an enterprise messaging client application from Grouptime Germany. A cross-site scripting vulnerability exists in the admin interface in Grouptime Teamwire Client. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
CVE-2018-17560
The CVE affects Grouptime Teamwire Client: on-premises server where the admin interface of version 1.5.1 (before 1.9.0) is vulnerable to stored XSS. Public details consistently map the issue to a lack of proper validation of client-side data, enabling cross-site scripting in the admin UI. All bac...
CVE-2018-16247
YzmCMS 5.1 has XSS via the admin/systemmanage/userconfigadd.html title parameter...
CVE-2018-18802
The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin/mod_users/controller.php?action=edit...
CVE-2018-18802
CVE-2018-18802 affects the Tubigan “Welcome to our Resort” 1.0 software, with a CSRF flaw that can be exploited via admin/mod_users/controller.php?action=edit. The initial description confirms CSRF as the vulnerability type; Red Hat/NVD entries corroborate this. CVSS metrics are provided: CVSS v2...
CVE-2019-11509
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker via the admin web...
CVE-2019-6725
The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00AAKK.3 devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin...
CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where a...
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570...
CVE-2018-16136
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
Cross site request forgery (csrf)
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
Cross site request forgery (csrf)
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2017-12789
MetInfo 5.3.18 is affected by Cross-Site Request Forgery (CSRF) in the admin/interface/online/delete.php component. The vulnerability enables Information Disclosure (remote) when an administrator clicks a malicious link while logged in. This is consistently described across multiple sources (NVD ...
CVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter...
CVE-2019-11508
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker via the admin web interface can exploit Directory Traversal to execute arbitrary code on the appliance...
PT-2019-12342 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Secure Pulse Connect Secure PCS versions 8.1R15.0 and earlier; Pulse Secure Pulse Connect Secure PCS versions 8.2R12.0 and earlier; Pulse Secure Pulse Connect Secure PCS versions 8.3R7.0 and earlier; Pulse Secure Pulse Connect Secure PCS...