CVE-2018-6667

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions JMX...

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (CNVD-2018-12110)

Cisco Unified Communications Manager CUCM, Unified CM is a call processing component of a unified communications system from Cisco.Cisco Unified Communications Manager IM & Presence Cisco Unified Communications Manager IM & Presence Service formerly CUPS is a CUCM-based instant messaging IM and...

Cisco Meeting Server Web Management Interface Denial of Service Vulnerability

Cisco Acano X-Series, Meeting Server 1000, and Meeting Server 2000 are video conferencing solutions from Cisco.Web Admin Interface is one of the web-based management interfaces. An input validation vulnerability exists in the Web Admin Interface in the Cisco Acano X-Series, Meeting Server 1000, a...

CVE-2018-0371

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

Input validation

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

CVE-2018-0371

CVE-2018-0371 affects Cisco Meeting Server Web Admin Interface (Acano X-Series, Meeting Server 1000, 2000). The root cause is insufficient validation of incoming HTTP requests, allowing an authenticated remote attacker to cause a DoS by restarting the system and terminating ongoing calls. This is...

Ubiquiti Networks EdgeSwitch Code Execution Vulnerability (CNVD-2018-11987)

The Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier versions, which stems from the program's lack of protection for the admin CLI. An attacker could exploit the vulnerability to execute co...

Security Bulletin: TADDM - Security improvement: Tomcat default files and non-encrypted administrative interfaces available.

Summary TADDM security improvement deployed starting from TADDM 7.2.1.5 and in TADDM 7.2.2 related to availability of the default Tomcat administration interface. Vulnerability Details CVE-2013-3023 Description TADDM server prompts for credentials to access Tomcat Manager Application and Tomcat...

CVE-2018-12114

Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts...

PT-2018-10204 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.6.0 before Patch10 Zimbra Collaboration Suite versions 8.7.0 through 8.7.11.Patch2 Zimbra Collaboration Suite versions 8.8.0 through 8.8.7 Description: The issue allows read access to zimbraSSLPrivateKey...

CVE-2018-10544

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface...

DRUPAL-CONTRIB-2018-018

This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...

CMS Made Simple admin/siteprefs.php Cross-Site Request Forgery Vulnerability

CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A cross-site request forgery vulnerability exists in admin/siteprefs.php in CMS Made Simple 2.2.7. No detailed vulnerability details are provided at this time...

CMS Made Simple admin/moduleinterface.php Reflective Cross-Site Scripting Vulnerability

CMS Made Simple is a content management system developed using PHP, MySQL and Smarty template engine. A reflected cross-site scripting vulnerability exists in admin/moduleinterface.php in CMS Made Simple 2.2.7. An attacker can exploit this vulnerability via the m1name parameter to conduct a...

CVE-2018-1189

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...

CVE-2018-1347

The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting...

CVE-2018-6843

Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface...

CVE-2018-7893

CMS Made Simple CMSMS 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter...

Cross site scripting

CMS Made Simple CMSMS 2.2.6 has stored XSS in admin/moduleinterface.php via the metadata parameter...