CVE-2020-8256

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity XXE vulnerability...

PT-2020-6456 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2 Description: The issue is related to the Pulse Connect Secure admin web interface, where an authenticated attacker could potentially upload a custom template to execute arbitrary code. This is du...

PT-2020-20064 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2 Description: A vulnerability in the Pulse Connect Secure admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML Extern...

Pexip Infinity Cross-Site Scripting Vulnerability

Pexip Infinity is video communications software that organizations can deploy in their IT infrastructure, public or private cloud, or any hybrid combination to enable everyone to have their own personal, high-quality video, audio, and mobile conferencing experience. A stored cross-site scripting...

CVE-2019-1888

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...

CVE-2020-2038

An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...

Cross-site Request Forgery (CSRF)

openmage/magento-lts is vulnerable to cross-site request forgery. The vulnerability exists because of lack of formkey protection in the function validateSecretKey of Admin Interface, allowing an attacker to easily observe timing discrepancy in OpenMage LTS...

CVE-2020-15151

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...

Cross site request forgery (csrf)

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...

CVE-2020-15151 Observable Timing Discrepancy in OpenMage LTS

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...

GHSA-CRF2-XM6X-46P6 Observable Timing Discrepancy in OpenMage LTS

Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...

Observable Timing Discrepancy in OpenMage LTS

Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...

PT-2020-14229 · Openmage · Openmage

Name of the Vulnerable Software and Affected Versions: OpenMage versions prior to 19.4.6 OpenMage versions prior to 20.0.2 Description: This issue allows attackers to circumvent the fromkey protection in the Admin Interface, increasing the attack surface for Cross Site Request Forgery attacks...

UBUNTU-CVE-2020-7018

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...

CVE-2020-11733

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...

Default credentials

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...

Mail.ru: relap.io/admin/api - административный API доступен без аутентификации

Admin interface opened to external network without authentication on relap.io...

CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...

Code injection

A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface...

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Recent assessments: wvu-r7 at August 27, 2020 3:29pm UTC reported: Researchers wrote this one up at...