Lucene search

1124 matches found

NVD
added 2007/07/26 1:30 a.m., 21 views

CVE-2007-4017

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators...

7.6 CVSS, 6.9 AI score, 0.02493 EPSS
Exploits 0, References 8

securityvulns
added 2007/06/26 12:0 a.m., 59 views

KF Web Server 3.1.0 admin console XSS

KF Web Server 3.1.0 admin console XSS. Site: http://www.keyfocus.net/kfws/ Parameter: opsubmenu PoC: http://127.0.0.1:9727/index.wkf?opmenu=0&opsubmenu=aaaa223E3Cscript 3Ealert'xss';3C/script3E Bug found by: Shay Priel aka Prili - [email protected]...

0.3 AI score
Exploits 0

NVD
added 2007/06/01 1:30 a.m., 11 views

CVE-2007-2975

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

7.5 CVSS, 7.8 AI score, 0.02541 EPSS
Exploits 0, References 5

Prion
added 2007/06/01 1:30 a.m., 13 views

Design/Logic Flaw

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

7.5 CVSS, 8.4 AI score, 0.02541 EPSS
Exploits 0, References 5, Affected Software 1

Cvelist
added 2007/06/01 1:0 a.m., 15 views

CVE-2007-2975

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the...

7.8 AI score, 0.02541 EPSS
Exploits 0, References 5

CVE
added 2007/06/01 1:0 a.m., 45 views

CVE-2007-2975

CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...

7.5 CVSS, 7.8 AI score, 0.02541 EPSS
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2007/05/30 12:0 a.m., 11 views

Openfire < 3.3.1 Admin Console Privilege Escalation

Binary data 4070.prm...

7.5 CVSS, 7.3 AI score, 0.02541 EPSS
Exploits 0, References 2

Tenable Nessus
added 2007/05/29 12:0 a.m., 23 views

Openfire Admin Console Remote Privilege Escalation

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin consol...

7.5 CVSS, 5.7 AI score, 0.02541 EPSS
Exploits 0, References 2

NVD
added 2007/05/16 1:19 a.m., 18 views

CVE-2007-2698

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...

5 CVSS, 6.4 AI score, 0.01917 EPSS
Exploits 0, References 5

securityvulns
added 2007/01/12 12:0 a.m., 57 views

[SA23627] FirePass Multiple Vulnerabilities

TITLE: FirePass Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23627 VERIFY ADVISORY: http://secunia.com/advisories/23627/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information WHERE: From remote OPERATING SYSTEM: FirePass 6.x...

0.6 AI score
Exploits 0

NVD
added 2006/12/31 5:0 a.m., 11 views

CVE-2006-7233

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

4.3 CVSS, 5.8 AI score, 0.01223 EPSS
Exploits 0, References 6

Packet Storm
added 2006/01/21 12:0 a.m., 38 views

geronimo_css.txt

Apache Geronimo 1.0 - CSS and persistent HTML-Injection vulnerabilities. Product: Apache Geronimo is the J2EE server project of the Apache Software Foundation. Version: Apache Geronimo 1.0, Jetty 5.1.9...

7.4 AI score
Exploits 0

NVD
added 2005/12/31 5:0 a.m., 11 views

CVE-2005-4876

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than...

4.3 CVSS, 5.8 AI score, 0.00852 EPSS
Exploits 0, References 2

CVE
added 2005/11/20 9:0 p.m., 48 views

CVE-2004-2544

The CVE-2004-2544 entry concerns Secure Computing Corporation Sidewinder G2 6.1.0.01. The Admin Console exports private keys when exporting firewall certificates, potentially exposing sensitive information. Affected component: Admin Console; vulnerability: exporting private keys. Impact described...

2.1 CVSS, 6.7 AI score, 0.00219 EPSS
Exploits 0, References 3, Affected Software 1

securityvulns
added 2005/06/08 12:0 a.m., 28 views

IBM WebSphere Application Server administrative console buffer overflow

Buffer overflow during authentication process...

4.3 AI score
Exploits 0, References 2, Affected Software 1

NVD
added 2005/05/03 4:0 a.m., 15 views

CVE-2005-1380

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action...

6.8 CVSS, 8 AI score, 0.0497 EPSS
Exploits 1, References 7

Cvelist
added 2005/05/02 4:0 a.m., 21 views

CVE-2005-1380

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action...

8 AI score, 0.0497 EPSS
Exploits 1, References 7

CVE
added 2005/05/02 4:0 a.m., 51 views

CVE-2005-1380

BEA Admin Console 8.1 is affected by a cross-site scripting (XSS) vulnerability in the JndiFramesetAction path, allowing remote attackers to inject script via the server parameter. The issue is documented across multiple sources (CVE-2005-1380) with a CVSS v2 base score of 6.8 (MEDIUM) and networ...

6.8 CVSS, 8 AI score, 0.0497 EPSS
Exploits 1, References 7, Affected Software 1

securityvulns
added 2005/04/28 12:0 a.m., 30 views

BEA application server Admin console cross-site scripting

Cross-site scripting with http://server:8001/console/actions/jndi/JndiFramesetAction/...

0.4 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2005/04/28 12:0 a.m., 23 views

Cross Site Scripting in BEA Admin console

Name Cross Site Scripting in BEA Admin Console Systems Affected BEA Admin Console 8.1 Severity Low Risk Category CSS/XSS Vendor URL http://www.bea.com Author Alexander Kornbrust ak at red-database-security.com Date 25 Apr 2005 V 1.00 Advisory AKSEC2004-042 Details One input field in the BEA Admin...

Exploits 0