1738 matches found

Positive Technologies
added 2020/07/30 12:0 a.m. · 3 views

PT-2020-6841 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8 Description: A code injection vulnerability exists in the admin web interface of Pulse Connect Secure, allowing an attacker to craft a URI and perform arbitrary code execution. The vulnerability is...

CVSS 9 · AI score 7.4 · EPSS 0.32739 · Exploits 2 · References 17

Positive Technologies
added 2020/07/30 12:0 a.m. · 4 views

PT-2020-20032 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8 Description: A denial of service issue exists that allows an authenticated attacker to perform command injection via the administrator web interface, which can cause a denial of service...

CVSS 6.5 · AI score 6.2 · EPSS 0.0246 · Exploits 0 · References 3

Positive Technologies
added 2020/07/30 12:0 a.m. · 3 views

PT-2020-20034 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8 Description: A path traversal issue exists that allows an authenticated attacker, via the administrator web interface, to read arbitrary files through Meeting. Recommendations: For versions prior t...

CVSS 6.8 · AI score 5.9 · EPSS 0.0228 · Exploits 0 · References 3

BDU FSTEC
added 2020/06/30 12:0 a.m. · 4 views

The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 allows a malicious actor to cause device malfunctions or execute arbitrary code with root privileges.

The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerabili...

CVSS 9 · AI score 7.8 · EPSS 0.03189 · Exploits 0 · References 3 · Affected Software 6

Hacker One
added 2020/06/23 12:15 a.m. · 13 views

Mail.ru: Access admin interface via bad credentials

Staging testing version of plazius.ru manager's interface was available from external network with guessable default credentials. This interface had no access to production data...

AI score 5.4 · Exploits 0

NVD
added 2020/06/19 5:15 p.m. · 13 views

CVE-2020-14926

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page...

CVSS 5.4 · EPSS 0.00644 · Exploits 1 · References 1

Cvelist
added 2020/06/19 5:3 p.m. · 17 views

CVE-2020-14926

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page...

AI score 5.2 · EPSS 0.00644 · Exploits 1 · References 1

BDU FSTEC
added 2020/05/19 12:0 a.m. · 1 views

The vulnerability in the web-based administration interface of the PAN-OS operating system allows a hacker to gain access to the device.

The vulnerability of the PAN-OS operating system’s administrative web interface is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device...

CVSS 9 · AI score 7.8 · EPSS 0.01324 · Exploits 0 · References 4 · Affected Software 1

Hacker One
added 2020/05/13 10:17 p.m. · 21 views

Mail.ru: capsula.mail.ru - reflected xss

XSS in capsula.mail.ru on support chat message lead to stored XSS in capsula.mail.ru admin interface 874387 This XSS lead to stored-xss in the admin-panel 874387 rubukkit.org...

AI score 1.4 · Exploits 0

Tenable Nessus
added 2020/04/24 12:0 a.m. · 26 views

FreeBSD : Wagtail -- XSS vulnerability (8d85d600-84a9-11ea-97b9-08002728f74c)

Wagtail release notes : CVE-2020-11001: Possible XSS attack via page revision comparison view This release addresses a cross-site scripting XSS vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail...

CVSS 6.8 · AI score 6.1 · EPSS 0.01273 · Exploits 1 · References 4

Exploit DB
added 2020/04/20 12:0 a.m. · 208 views

Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...

AI score 8.7 · Exploits 0

Veracode
added 2020/04/16 5:56 a.m. · 17 views

Cross-site Scripting (XSS)

wagtail is vulnerable to cross-site scripting XSS. The vulnerability exists as the page revision history output is returned as unescaped HTML when viewed in the admin interface...

CVSS 6.8 · AI score 0.7 · EPSS 0.01273 · Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2020/04/15 12:45 p.m. · 29 views

CVE-2020-7255 Privilege Escalation vulnerability in ENS

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface...

CVSS 3.9 · AI score 6.1 · EPSS 0.00234 · Exploits 0 · References 1

NVD
added 2020/04/14 11:15 p.m. · 12 views

CVE-2020-11001

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVSS 6.8 · AI score 6 · EPSS 0.01273 · Exploits 1 · References 3

Prion
added 2020/04/14 11:15 p.m. · 10 views

Cross site scripting

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVSS 3.5 · AI score 6.3 · EPSS 0.01273 · Exploits 1 · References 3 · Affected Software 1

CVE
added 2020/04/14 11:5 p.m. · 112 views

CVE-2020-11001

In Wagtail, CVE-2020-11001 is an XSS vulnerability in the page revision comparison view of the admin interface. The issue affects Wagtail versions prior to 2.8.1 and 2.7.2, where a limited-permission editor could craft a revision history that, when viewed by a higher-privilege user, could execute...

CVSS 6.8 · AI score 5.9 · EPSS 0.01273 · Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2020/04/14 12:0 a.m. · 2 views

PT-2020-12483 · Wagtail · Wagtail

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 2.7.2 and prior to 2.8.1 Description: A cross-site scripting XSS vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the...

CVSS 6.8 · AI score 5.9 · EPSS 0.01273 · Exploits 1 · References 10

CNVD
added 2020/04/13 12:0 a.m. · 3 views

Unspecified vulnerability exists in docker-kong

docker-kong is an API3 gateway product used in the Docker application container engine. A security vulnerability exists in docker-kong for Kong version 2.0.3 and earlier, which can be exploited by an attacker to access the admin API port on interfaces other than 127.0.0.1...

CVSS 9.8 · AI score 6.9 · EPSS 0.33825 · Exploits 0 · References 1

OSV
added 2020/04/12 3:15 a.m. · 1 views

CVE-2020-11706

An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...

CVSS 8.8 · AI score 5.8 · EPSS 0.00496 · Exploits 1 · References 2

NVD
added 2020/04/12 3:15 a.m. · 18 views

CVE-2020-11706

An issue was discovered in ProVide formerly zFTPServer through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable Services; Set a rogue update proxy; and Shutdown the server...

CVSS 8.8 · AI score 8.7 · EPSS 0.00496 · Exploits 1 · References 2