Plastic SCM security vulnerability
Unity Technologies Plastic SCM is a version control system from Unity Technologies, USA. A security vulnerability exists in Plastic SCM 10.0.16.5622 that stems from Plastic SCM incorrectly handling the WebAdmin server management interface...
CVE-2021-39285
An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to mount an XSS-based attack...
A vulnerability in the Pulse Connect Secure corporate VPN server, related to unrestricted upload of dangerous file types, allows an attacker to execute arbitrary code.
The vulnerability in the Pulse Connect Secure corporate VPN server is related to unrestricted upload of dangerous file types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by uploading a specially crafted archive through the web administrator interface...
Electron Technologies FZC PopojiCMS cross-site request forgery vulnerability
Electron Technologies FZC PopojiCMS is an open source content management system (CMS) based on the Popoji framework from Electron Technologies FZC. admin.php in Electron Technologies FZC PopojiCMS version 2.0.1 is vulnerable to cross-site request forgery. No detailed vulnerability details are...
CVE-2021-22937
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...
PT-2021-3892 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12 Description: The issue allows an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. This could potentially enable a...
couchdb -- user privilege escalation
Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...
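The CouchDB entry above describes the general pattern of an admin UI serving a user-uploaded file inline in its own origin. The following is an added example of how an admin interface can serve such attachments without letting stored HTML run script; it is not CouchDB's or Fauxton's code. The attachment record is constructed sample data, and the functions attachmentHeaders, naiveHeaders and sanitizeFilename, along with the inline-safe type list, are this example's own design.

```javascript
// Added example (not CouchDB/Fauxton code): response headers for a
// user-supplied attachment opened from an admin interface. The stored
// content type is attacker-controlled, so it is never trusted to decide
// whether the browser renders the body as a page.

// Constructed sample: an attachment a low-privileged user stored.
const uploadedAttachment = {
  name: "report.html",
  content_type: "text/html",
  data: "<html><body><script>fetch('/_users/org.couchdb.user:admin')</script></body></html>",
};

// Only these types may be rendered inline. SVG and HTML are deliberately
// absent because both can carry script.
const INLINE_SAFE_TYPES = new Set(["image/png", "image/jpeg", "image/gif", "text/plain"]);

// Strip characters that could break out of the quoted filename parameter.
function sanitizeFilename(name) {
  return name.replace(/[^A-Za-z0-9._-]/g, "_");
}

// Hardened variant: headers an admin UI should send for an attachment.
function attachmentHeaders(att) {
  const headers = {
    // Stop the browser from sniffing octet-stream back into HTML.
    "X-Content-Type-Options": "nosniff",
    // Even if the body is rendered, no script, no forms, opaque origin.
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
  const filename = sanitizeFilename(att.name);
  if (INLINE_SAFE_TYPES.has(att.content_type)) {
    headers["Content-Type"] = att.content_type;
    headers["Content-Disposition"] = `inline; filename="${filename}"`;
  } else {
    // text/html, image/svg+xml, application/xhtml+xml and anything else
    // unknown is downloaded, never rendered, in the admin's origin.
    headers["Content-Type"] = "application/octet-stream";
    headers["Content-Disposition"] = `attachment; filename="${filename}"`;
  }
  return headers;
}

// Vulnerable counterpart, for contrast: echoing the stored content type
// renders the attacker's HTML as a page on the admin interface's origin.
function naiveHeaders(att) {
  return { "Content-Type": att.content_type };
}

console.log(attachmentHeaders(uploadedAttachment));
console.log(naiveHeaders(uploadedAttachment));
```

The allow list is the important part: a deny list of "dangerous" types misses every type a browser can interpret that the author did not think of, whereas an allow list fails closed.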
CVE-2021-32783
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
PT-2021-19929 · Contour +1 · Contour +1
Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...
CVE-2020-22148
A stored cross-site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML...
Red Hat WildFly access control error vulnerability
Red Hat WildFly is a lightweight Java EE-based open source application server from Red Hat, USA. An access control error vulnerability exists in WildFly Core that stems from improperly restricting access to Vault expressions. If a Vault expression takes the form of a single attribute containing...
CVE-2021-22129
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically...
CVE-2021-31925
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface...
Cisco Virtualized Voice Browser cross-site scripting vulnerability
Cisco Virtualized Voice Browser is a virtualized voice browser application from Cisco, Inc. Cisco Virtualized Voice Browser suffers from a cross-site scripting vulnerability that originates from the web-based administrative interface not properly validating user-supplied input. An attacker could...
RabbitMQ cross-site scripting vulnerability
Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol (AMQP). A cross-site scripting vulnerability exists in RabbitMQ versions prior to 3.8.17, which stems from a cross-site scripting vulnerabili...
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than the supported size, clicking on a row will show the full document unescaped, howev...
CVE-2021-21422
Summary: CVE-2021-21422 affects mongo-express, a Node.js/Express-based MongoDB admin UI. The issue stems from two XSS vectors: (1) when a cell’s content exceeds the supported size, clicking a row reveals the full document unescaped (requires admin interaction); (2) media-like data cells render as...
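The two mongo-express vectors summarised above (an unescaped full-document view, and data cells that are rendered as media because of how they look) are both rendering-rule failures. The following added example, not mongo-express's code, shows the two rules a MongoDB admin UI needs: escape every document value on every view, and promote a value to media only after validating it as such. The sample document and the functions escapeHtml, renderCell, renderFullDocument and renderFullDocumentUnescaped are this example's own design.

```javascript
// Added example (not mongo-express code): rendering untrusted document
// contents in an admin UI as data rather than markup.

// Constructed sample document, as an attacker with write access could insert it.
const doc = {
  _id: "64b1c0",
  title: "<img src=x onerror=alert(document.cookie)>",
  // Looks media-like but is an HTML data: URL, not an image.
  photo: "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
  note: "x".repeat(200),
};

const CELL_LIMIT = 100; // characters shown in the table view before truncation

// Escape every character that can start a tag, attribute or entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vector 2: a value becomes an <img> only if it is a base64 data: URL with
// an image MIME type; the regex admits no quotes, so it is safe inside src="".
function renderCell(value) {
  const s = String(value);
  if (/^data:image\/(png|jpeg|gif|webp);base64,[A-Za-z0-9+/=]+$/.test(s)) {
    return `<td><img src="${s}"></td>`;
  }
  const shown = s.length > CELL_LIMIT ? s.slice(0, CELL_LIMIT) + "..." : s;
  return `<td>${escapeHtml(shown)}</td>`;
}

// Vector 1: the "show full document" view escapes exactly like the
// truncated cell view; a different code path must not drop the escaping.
function renderFullDocument(d) {
  return `<pre>${escapeHtml(JSON.stringify(d, null, 2))}</pre>`;
}

// Vulnerable counterpart, for contrast: interpolating the raw JSON text.
function renderFullDocumentUnescaped(d) {
  return `<pre>${JSON.stringify(d, null, 2)}</pre>`;
}

console.log(renderCell(doc.title));
console.log(renderCell(doc.photo));
console.log(renderFullDocument(doc));
```

JSON.stringify leaves < and > untouched, so the full-document view is only as safe as the escaping applied after serialisation; that is exactly where the unescaped path goes wrong.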