1114 matches found
Input validation
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599...
CVE-2023-47148
Summary of CVE-2023-47148: IBM Storage Protect Plus Server Admin Console (versions 10.1.0–10.1.15.2) could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints. The issue is rooted in insecure endpoint handling, enabling information disclosure...
PT-2024-13416 · Ibm · Ibm Storage Protect Plus Server
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect Plus Server versions 10.1.0 through 10.1.15.2. Description: The issue allows a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints, which could be used in further attacks agains...
A vulnerability in the Admin Console component of the Oracle CRM Technical Foundation customer relationship management system and the Oracle E-Business Suite business automation system allows an attacker to cause service interruptions.
The vulnerability in the Admin Console component of the Oracle CRM customer relationship management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions using the HTTP network protocol...
PT-2024-1208 · Oracle · Oracle Crm Technical Foundation +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13. Description: The issue is related to insufficient input validation in the Admin Console component of Oracle CRM Technical Foundation, allowing a low-privileged attacker with network acce...
Citrix Cloud: Admin may be unable to view the Citrix DaaS console; it is greyed out.
The Citrix Admin Console may be unable to view Citrix DaaS. There may be a notification that "DaaS is unavailable". In the Citrix Cloud console for managing a DaaS deployment, all menu options below 'Home' are greyed out and inactive. Hovering over them shows the error message "DaaS is unavailable...
Info-stealers can steal cookies for permanent access to your Google account
Hackers have found a way to gain unauthorized access to Google accounts, bypassing any multi-factor authentication (MFA) the user may have set up. To do this, they steal authentication cookies and then extend their lifespan. It doesn’t even help if the owner of the account changes their password...
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315 - Openfire Authentication Bypass This reposito...
The vulnerability of the administration console of the SIMATIC PCS neo web-based process control system lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the administration console of the SIMATIC PCS neo web-based process control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...
CVE-2023-46099
Siemens SIMATIC PCS neo (versions prior to V4.1) has a stored cross-site scripting vulnerability in the Administration Console. The issue allows an attacker with high privileges to inject JavaScript that is executed by other legitimate users. Affected component: Administration Console of SIMATIC ...
WEM Admin Console hangs while refreshing Agent Cache for some Agents via Console
When refreshing the agent cache from the Citrix WEM Console, the console freezes and has to be killed and reconnected to get it working again. The issue happens only if specific agent machines are selected for the refresh cache action...
CVE-2023-39219
PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests...
Design/Logic Flaw
PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests...
CVE-2023-39219 Admin Console Denial of Service via Java class enumeration
PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests...
The vulnerability of the Admin CP configuration module of the MyBB forum creation software allows a hacker to execute arbitrary code.
The vulnerability of the Admin CP module for the MyBB forum creation software is related to improper code generation during template processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
Overview: Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in the 3rd Party AV Uninstaller Module. Trend Micro Incorporated states that an attack exploiting this vulnerability has been...
Vulnerability fixed in Trend Micro Apex One
Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability to execute arbitrary code with system permissions. For successful abuse, the malicious party must have prior sufficient privileges on the admin console of the...
The vulnerability of the administration console of the SIMATIC PCS neo web-based system for managing technological processes allows a hacker to obtain the administrator’s Windows account credentials.
The vulnerability of the administration console of the SIMATIC PCS neo web-based process control system is related to the leakage of information about files and directories. Exploiting this vulnerability can allow an attacker to obtain administrator credentials for Windows...
A Critical Vulnerability in Openfire Admin Console Actively Exploited in the Wild
Vulnerability Report. Summary: The vulnerability CVE-2023-32315 in Ignite Realtime Openfire enables unauthorized access to privileged pages. Attackers exploit this by bypassing authentication, prompting immediate updates for...