20 matches found
CVE-2019-11543
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...
PT-2025-16371 · Nmap +1 · Nmap +3
Name of the Vulnerable Software and Affected Versions: Extron SMP 111 versions 3.01 and earlier; Extron SMP 351 versions 2.16 and earlier; Extron SMP 352 versions 2.16 and earlier. Description: A command injection issue in the Nmap diagnostic tool within the admin web console allows a remote...
CVE-2024-47908
OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution...
Vulnerabilities fixed in Ivanti Cloud Security Appliance
Ivanti has fixed vulnerabilities in the Cloud Security Appliance CSA for versions prior to 5.0.3. The vulnerabilities are located in the admin web console of the Ivanti Cloud Security Appliance. The first vulnerability involves an authentication bypass, allowing remote unauthenticated attackers t...
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...
CVE-2024-11639
The connected sources confirm multiple vulnerabilities in Ivanti Endpoint Manager Cloud Services Appliance (Ivanti CSA) prior to version 5.0.3. Specifically: authentication bypass in the admin web console (CVE-2024-11639) that could grant remote admin access; command injection (CVE-2024-11772) re...
PT-2024-9378 · Ivanti · Ivanti Csa
Name of the Vulnerable Software and Affected Versions: Ivanti CSA versions prior to 5.0.3. Description: The issue is related to an authentication bypass in the admin web console of Ivanti CSA, allowing a remote unauthenticated attacker to gain administrative access. There is no evidence of...
Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
Ivanti Cloud Services Appliance CSA contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...
CVE-2024-9380
CVE-2024-9380 affects Ivanti Cloud Services Appliance (CSA) admin web console prior to 5.0.2. It is an OS command injection vulnerability that, when exploited by an authenticated admin, can lead to remote code execution. Related advisories document CVE-2024-9379 (SQL injection) and CVE-2024-9381 ...
CVE-2024-9380
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
PT-2024-7353 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.2. Description: The issue is related to a SQL injection vulnerability in the admin web console of Ivanti Cloud Services Appliance. This vulnerability allows a remote authenticated attacker...
Design/Logic Flaw
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...
CVE-2019-11543
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...
CVE-2019-11543
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure PCS 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1...
PT-2019-12366 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 9.0RX before 9.0R3.4; Pulse Connect Secure PCS versions 8.3RX before 8.3R7.1; Pulse Connect Secure PCS versions 8.1RX before 8.1R15.1; Pulse Policy Secure versions 9.0RX before 9.0R3.2; Pulse Policy Secure versio...
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability both on the server and on devices by sending malformed parameters in sensor or...
ProCheckUp Security Advisory 2006.14
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability. This advisory has been published following consultation with UK NISCC (http://www.niscc.gov.uk/). Date Found: 3rd November 2006. Date Public: 22nd January 2007. Vulnerable: Phones confirme...
CVE-2007-0528
The admin web console implemented by the Centrality Communications aka Aredfox PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser session...
PA168 Chipset IP Phones Weak Session Management Exploit
No description provided by source. !/bin/bash PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability Author: Adrian Pastor adrian.pastor-AT-procheckup.com from ProCheckUp This advisory has been published following consultation with UK NIS...
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability
PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability. This advisory has been published following consultation with UK NISCC (http://www.niscc.gov.uk/). Date Found: 3rd November 2006. Date Public: 22nd January 2007. Vulnerable: Phones confirme...