
334 matches found

Cvelist
added 2020/03/14 7:7 p.m. · 10 views

CVE-2020-10574

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "querylogger" Admin API request, because of a typo in the JSON validation...

AI score: 9.4 · EPSS: 0.00418
Exploits: 0 · References: 1
OSV
added 2020/03/13 5:15 p.m. · 1 views

CVE-2019-12182

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.11789
Exploits: 1 · References: 4
CNVD
added 2020/02/25 12:0 a.m. · 2 views

Total.js CMS Remote Code Execution Vulnerability

Total.js CMS is a content management system (CMS) based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.02545
Exploits: 1 · References: 1
Prion
added 2020/02/24 10:15 p.m. · 12 views

Design/Logic Flaw

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

CVSS: 5 · AI score: 8.8 · EPSS: 0.56909
Exploits: 6 · References: 2 · Affected Software: 1
Prion
added 2019/09/30 4:15 p.m. · 15 views

Cross site scripting

IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113...

CVSS: 3.5 · AI score: 5.2 · EPSS: 0.00174
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2019/09/30 3:20 p.m. · 61 views

CVE-2019-4115

IBM WebSphere eXtreme Scale Admin API (v8.6) is affected by cross-site scripting in the Admin UI, enabling injection of arbitrary JavaScript and potential credential disclosure within a trusted session. Root cause: inadequate input sanitization in the Admin UI. Impact is described in multiple sou...

CVSS: 5.4 · AI score: 5.3 · EPSS: 0.00174
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2019/09/30 12:0 a.m. · 3 views

PT-2019-16904 · IBM · IBM WebSphere eXtreme Scale

Name of the Vulnerable Software and Affected Versions: IBM WebSphere eXtreme Scale version 8.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00174
Exploits: 0 · References: 3
CVE
added 2019/02/13 7:0 p.m. · 44 views

CVE-2018-12409

The CVE-2018-12409 issue affects TIBCO Silver Fabric, specifically the SOAP Admin API component. The vulnerability is a reflected cross-site scripting (XSS) flaw in the SOAP Admin API, with affected releases up to and including 5.8.1. Reports from TIBCO’s advisory indicate the impact could enable...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00296
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2019/02/13 7:0 p.m. · 15 views

CVE-2018-12409

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

AI score: 6 · EPSS: 0.00296
Exploits: 0 · References: 3
NVD
added 2019/02/13 6:29 p.m. · 15 views

CVE-2018-12409

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00296
Exploits: 0 · References: 3
Prion
added 2019/02/13 6:29 p.m. · 14 views

Cross site scripting

The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1...

CVSS: 4.3 · AI score: 6 · EPSS: 0.00296
Exploits: 0 · References: 3 · Affected Software: 1
Tibco
added 2019/02/08 6:29 p.m. · 18 views

TIBCO Security Advisory: February 13, 2019 - TIBCO SilverFabric

TIBCO Silver Fabric Vulnerable to Reflected Cross-Site Scripting attacks Original release date: February 13, 2019 Last revised: CVE-2018-12409 Source: TIBCO Software Inc....

CVSS: 4.3 · AI score: 6 · EPSS: 0.00296
Exploits: 0 · Affected Software: 1
Veracode
added 2018/01/17 7:22 a.m. · 9 views

Authentication Bypass

github.com/minio/minio is vulnerable to authentication bypass attacks. The vulnerability exists as attackers can modify pre-signed signature V2 requests to make Admin-API calls...

AI score: 6.9
Exploits: 0
Prion
added 2017/12/20 5:29 p.m. · 20 views

Authentication flaw

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

CVSS: 4 · AI score: 6.1 · EPSS: 0.00587
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2017/12/20 5:29 p.m. · 16 views

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

CVSS: 6.5 · AI score: 6.5
Exploits: 0 · References: 3
UbuntuCve
added 2017/12/20 5:29 p.m. · 25 views

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00587
Exploits: 0 · References: 1
Debian CVE
added 2017/12/20 5:0 p.m. · 19 views

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00587
Exploits: 0
Cvelist
added 2017/12/20 5:0 p.m. · 22 views

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

AI score: 6.5 · EPSS: 0.00587
Exploits: 0 · References: 3
RedhatCVE
added 2017/11/21 3:20 p.m. · 25 views

CVE-2017-16818

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h,...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00587
Exploits: 0 · References: 1
Tenable Nessus
added 2017/02/09 12:0 a.m. · 39 views

WordPress 4.5.x < 4.6 Multiple Vulnerabilities

Binary data 9949.prm...

CVSS: 7.1 · AI score: 5.9 · EPSS: 0.35182
Exploits: 6 · References: 5