Multiple vulnerabilities in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller software allow a malicious individual to cause service failures.
Multiple vulnerabilities exist in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller firmware. These vulnerabilities arise from insufficient validation of input data. Exploitation of these vulnerabilities could allow a malicious...
CVE-2019-11542
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an...
Command injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
Stack overflow
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an...
CVE-2019-11539
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
CVE-2019-11542
CVE-2019-11542 describes a stack buffer overflow in Pulse Connect Secure / Pulse Policy Secure triggered by an authenticated attacker via the admin web interface by sending a specially crafted message. The issue is one of a family of vulnerabilities disclosed in Pulse Secure advisories (SA44101) ...
CVE-2019-11539
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
PT-2019-6319 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.0RX prior to 9.0R3.4; Pulse Connect Secure versions 8.3RX prior to 8.3R7.1; Pulse Connect Secure versions 8.2RX prior to 8.2R12.1; Pulse Connect Secure versions 8.1RX prior to 8.1R15.1; Pulse Policy Secure versions...
PT-2019-19294 · Tibco Software · Tibco Activematrix Policy Director +6
Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix BPM versions prior to 4.2.1; TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions prior to 4.2.1; TIBCO ActiveMatrix Policy Director versions prior to 1.1.1; TIBCO ActiveMatrix Service Bus versions prior to 3.3...
Cross site scripting
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
CVE-2019-3915
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface...
CVE-2019-9660
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter...
OFCMS Backend Arbitrary File Write Vulnerability
OFCMS is a content management system based on Java technology. OFCMS versions before 1.1.3 have a backend arbitrary file write vulnerability. An attacker can exploit this vulnerability by traversing the admin/cms/template/getTemplates.html?respath=res directory to write arbitrary content in the...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadImage URI...
Stored XSS Vulnerability in DOYO Administrator Interface
DOYO doyocms is a PHP-based open source content management system (CMS). A cross-site scripting vulnerability exists in the admin.php backend in DOYO version 2.3 through 2015-05-06. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
A vulnerability in the administrative web interface of the Cisco Identity Services Engine allows an attacker to escalate their privileges.
The vulnerability in the administrative web interface of the Cisco Identity Services Engine relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to escalate their privileges through specially crafted HTTP requests...
A vulnerability in the web interface of the Cisco WebEx Meetings Server software allows attackers to execute cross-site scripting attacks.
The vulnerability in the administrative web interface of Cisco WebEx Meetings Server software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially crafted link...
CVE-2018-15459
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
CVE-2018-15459
CVE-2018-15459: Cisco Identity Services Engine (ISE) has a privilege-escalation flaw in its administrative web interface. An authenticated administrator can send crafted HTTP requests to gain additional Admin accounts with different roles, enabling actions within their scope. The root cause is i...
Remote Code Execution (RCE)
conga is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...