89 matches found
CVE-2020-8260
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform arbitrary code execution using uncontrolled gzip extraction...
CVE-2020-8260
Pulse Connect Secure (PCS) vulnerable
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform arbitrary file reading. The vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-8260
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform arbitrary code execution using uncontrolled gzip extraction. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-8243
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution...
CVE-2020-8256
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via an XML External Entity (XXE) vulnerability...
XXE
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via an XML External Entity (XXE) vulnerability...
CVE-2020-8243
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution. Recent assessments: wvu-r7 at October 07, 2020 10:52pm UTC reported: Oh dear, another Pulse Secure vuln. Let’s break this...
CVE-2020-8243
CVE-2020-8243 affects Pulse Connect Secure, specifically the admin web interface prior to 9.1R8.2. An authenticated attacker can upload a custom template to achieve arbitrary code execution via the admin UI. The CVSSv3 base score is 7.2 (High) with network access, low attack complexity, and high ...
CVE-2020-8256
CVE-2020-8256 is a vulnerability in the Pulse Connect Secure admin web interface prior to 9.1R8.2 that allows an authenticated attacker to read arbitrary files via XML External Entity (XXE) through Pulse Collaboration. The issue is confirmed across multiple sources (Red Hat advisory, Nessus plugi...
CVE-2019-1888
CVE-2019-1888 affects Cisco Unified Contact Center Express (Unified CCX). Vulnerability in the Administration Web Interface allows an authenticated attacker with valid Administrator credentials to upload arbitrary files containing OS commands, which will be executed on the underlying system. The ...
Pulse Policy Secure < 9.1R8 (SA44516)
According to its self-reported version, the version of Pulse Policy Secure running on the remote host is prior to 9.1R8. It is, therefore, affected by multiple vulnerabilities: - An attacker can bypass the Google TOTP if the primary credentials are exposed to the attacker (CVE-2020-8206). - An...
Pulse Connect Secure < 9.1R8 (SA44516)
According to its self-reported version, the version of Pulse Connect Secure running on the remote host is prior to 9.1R8. It is, therefore, affected by multiple vulnerabilities: - An attacker can bypass the Google TOTP if the primary credentials are exposed to the attacker (CVE-2020-8206). - An...
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 that allowed an authenticated attacker, via the administrator web interface, to perform arbitrary file reading through Meeting...
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...
Vastgota-Data ProVide Admin Web Interface Cross-Site Scripting Vulnerability
Vastgota-Data ProVide is a file transfer server with a graphical user interface from Vastgota-Data, Sweden. A cross-site scripting vulnerability exists in the Admin Web Interface in Vastgota-Data ProVide 13.1 and earlier versions. The vulnerability stems from a lack of proper validation of client...
CVE-2020-11704
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...
CVE-2020-11704
ProVide (formerly zFTPServer) Admin Web Interface up to version 13.1 is affected by multiple Cross-Site Scripting (XSS) issues described as stored and reflected XSS. GetInheritedProperties is reflected via the groups parameter; GetUserInfo is reflected via POST data; SetUserInfo is stored via the...