Input validation
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
CVE-2018-0371
CVE-2018-0371 affects Cisco Meeting Server Web Admin Interface (Acano X-Series, Meeting Server 1000, 2000). The root cause is insufficient validation of incoming HTTP requests, allowing an authenticated remote attacker to cause a DoS by restarting the system and terminating ongoing calls. This is...
Ubiquiti Networks EdgeSwitch Code Execution Vulnerability (CNVD-2018-11987)
The Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier versions, which stems from the program's lack of protection for the admin CLI. An attacker could exploit the vulnerability to execute co...
Security Bulletin: TADDM - Security improvement: Tomcat default files and non-encrypted administrative interfaces available.
Summary: TADDM security improvement deployed starting from TADDM 7.2.1.5 and in TADDM 7.2.2 related to availability of the default Tomcat administration interface. Vulnerability Details: CVE-2013-3023. Description: TADDM server prompts for credentials to access Tomcat Manager Application and Tomcat...
CVE-2018-12114
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts...
PT-2018-10204 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.6.0 before Patch10; Zimbra Collaboration Suite versions 8.7.0 through 8.7.11.Patch2; Zimbra Collaboration Suite versions 8.8.0 through 8.8.7. Description: The issue allows read access to zimbraSSLPrivateKey...
CVE-2018-10544
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface...
DRUPAL-CONTRIB-2018-018
This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Exploit Title: CalderaForms 1.5.9.1 - multiple XSS. Date: 02-03-2018. Exploit Author: Federico Scalco (fscalco at mentat dot is, @mindpr00f). Vendor Homepage: https://calderaforms.com/ Software Link:...
CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability
CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. An attacker can exploit this vulnerability via the m1name parameter to conduct a...
CMS Made Simple admin/siteprefs.php Cross-Site Request Forgery Vulnerability
CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A cross-site request forgery vulnerability exists in admin/siteprefs.php in CMS Made Simple 2.2.7. No detailed vulnerability details are provided at this time...
CVE-2018-1189
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...
CVE-2018-1347
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross-site scripting...
CVE-2018-6843
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface...
Cross site scripting
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter...
CVE-2018-7893
CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2018-06468)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...
CVE-2018-1185
An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted...
A vulnerability in the multiuploadify.php script (located in the administrative web interface of the network storage software Western Digital MyCloud PR4100) allows a malicious user to execute arbitrary code with root privileges.
The vulnerability in the multiuploadify.php script, located in the administrative web interface of the network storage software Western Digital MyCloud PR4100, relates to deficiencies in authentication procedures. Exploiting this vulnerability allows an attacker to download the PHP script onto a...
PT-2018-17528 · Sangoma · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX versions 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2. Description: The issue allows post-authentication SQL injection via the order parameter. It is noted that the vendor disputes this issue, stating it is intentional for users ...