1738 matches found
ForgeRock OpenIDM Admin UI Cross-Site Scripting Vulnerability
ForgeRock OpenIDM is an extensible set of identity management tools from ForgeRock, Inc. for managing the identity lifecycle and provisioning issues. The Admin UI is one of its backend management interfaces. The ForgeRock OpenIDM Admin UI is vulnerable to cross-site scripting. A remote...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Cisco Prime Infrastructure HTML Injection Vulnerability (CNVD-2017-221614)
Cisco Prime Infrastructure (PI) is a wireless management solution built on Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies. An HTML injection vulnerability exists in the administrative web interface in Cisco PI, which stems from the program failing...
SLiMS SQL Injection Vulnerability
SLiMS 8 Akasia is an open source, free library management system. An SQL injection vulnerability exists in the admin/AJAXlookuphandler.php file, the admin/AJAXcheckid.php file, and the admin/AJAXvocabolarycontrol.php file in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can exploit...
CVE-2017-11677
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...
Cisco Web Security Appliance Unauthorized Access Vulnerability
Cisco Web Security Appliance is a set of web security appliances from Cisco, a United States company. An access restriction bypass vulnerability exists in the Cisco Web Security Appliance web proxy feature, which could be exploited by remote attackers to submit a special request to access the...
CVE-2017-6751
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypa...
Peplink Balance Routers Web Admin Detection
Detection of Peplink Balance Routers Web Admin. The script sends a connection request to the server and attempts to detect the Web Admin Interface of Peplink Balance Routers. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
CVE-2017-8836
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged-in user visits a malicious...
Tecnovision DLX Spot - Authentication Bypass
Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL Injection Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...
CVE-2017-8302
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dspnextn.cfm, admin/core/views/cusers/inc/dspsearchform.cfm, admin/core/views/cusers/inc/dspuserslist.cfm,...
CVE-2015-8255
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/localdel.cgi...
CVE-2017-7362
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack...
Cross site request forgery (csrf)
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed...
CVE-2016-9456
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed...
D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow (CVE-2017-3193)
The affected service is the management web, in the cgibin file located within the htdocs folder on the router filesystem. The vulnerability is a Stack-Based Buffer Overflow, caused by a non-controlled use of the strcat function that allows an overwrite of the PC, and thus the execution flow of th...
Cross-site Scripting (XSS)
console-common is vulnerable to cross-site scripting (XSS) attacks. The vulnerability is possible due to a flaw in the admin interface...
Ubiquiti Networks Command Injection Vulnerability
Exploit for hardware platform in category web applications. Title: Authenticated Command Injection. Product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23,...
ZZCMS V8.0 SQL Injection Vulnerability in admin/about.php File
ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the ZZCMS V8.0 admin/about.php file. The lack of filtering of the 'id' parameter obtained from $_POST['id'] allows an attacker to exploit the vulnerability to obtain sensitive database information...