1124 matches found
CVE-2007-4017
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators...
KF Web Server 3.1.0 admin console XSS
KF Web Server 3.1.0 admin console XSS. Site: http://www.keyfocus.net/kfws/ Parameter: opsubmenu PoC: http://127.0.0.1:9727/index.wkf?opmenu=0&opsubmenu=aaaa223E3Cscript 3Ealert'xss';3C/script3E Bug found by: Shay Priel aka Prili...
CVE-2007-2975
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
Design/Logic Flaw
The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...
CVE-2007-2975
CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...
Openfire < 3.3.1 Admin Console Privilege Escalation
Binary data 4070.prm...
Openfire Admin Console Remote Privilege Escalation
The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin consol...
CVE-2007-2698
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...
[SA23627] FirePass Multiple Vulnerabilities
TITLE: FirePass Multiple Vulnerabilities; SECUNIA ADVISORY ID: SA23627; VERIFY ADVISORY: http://secunia.com/advisories/23627/; CRITICAL: Less critical; IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information; WHERE: From remote; OPERATING SYSTEM: FirePass 6.x...
CVE-2006-7233
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter...
geronimo_css.txt
Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities. Product: Apache Geronimo is the J2EE server project of the Apache Software Foundation. Version: Apache Geronimo 1.0, Jetty 5.1.9...
CVE-2005-4876
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than...
CVE-2004-2544
The CVE-2004-2544 entry concerns Secure Computing Corporation Sidewinder G2 6.1.0.01. The Admin Console exports private keys when exporting firewall certificates, potentially exposing sensitive information. Affected component: Admin Console; vulnerability: exporting private keys. Impact described...
IBM WebSphere Application Server administrative console buffer overflow
Buffer overflow during authentication process...
CVE-2005-1380
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action...
CVE-2005-1380
BEA Admin Console 8.1 is affected by a cross-site scripting (XSS) vulnerability in the JndiFramesetAction path, allowing remote attackers to inject script via the server parameter. The issue is documented across multiple sources (CVE-2005-1380) with a CVSS v2 base score of 6.8 (MEDIUM) and networ...
BEA application server Admin console cross-site scripting
Cross-site scripting with http://server:8001/console/actions/jndi/JndiFramesetAction/...
Cross Site Scripting in BEA Admin console
Name: Cross Site Scripting in BEA Admin Console; Systems Affected: BEA Admin Console 8.1; Severity: Low Risk; Category: CSS/XSS; Vendor URL: http://www.bea.com; Author: Alexander Kornbrust (ak at red-database-security.com); Date: 25 Apr 2005 (V 1.00); Advisory: AKSEC2004-042; Details: One input field in the BEA Admin...