1114 matches found
CVE-2019-15708
CVE-2019-15708 concerns a system command injection vulnerability in Fortinet FortiAP devices. Based on connected sources, affected products include FortiAP-S/W2 (versions 6.2.1, 6.2.0, 6.0.5 and below), FortiAP (6.0.5 and below), and FortiAP-U (below 6.0.0). The issue occurs in the CLI admin cons...
CVE-2019-13393
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...
Security Bulletin: Content Collector for Email is affected by a cross-site scripting vulnerability in WebSphere Application Server Admin Console
Summary: There is a potential denial of service in the Admin Console of WebSphere Application Server. Vulnerability Details: CVEID: CVE-2019-4270. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users...
Security Bulletin: Content Collector for Email is affected by a File traversal vulnerability in WebSphere Application Server Admin Console
Summary: There is a file traversal vulnerability in the Admin Console of WebSphere Application Server. Vulnerability Details: CVEID: CVE-2019-4268. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2019-4268).
Summary: IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere...
Security Bulletin: A security vulnerability has been identified in Websphere Application Server shipped with Predictive Customer Intelligence (CVE-2017-1501).
Summary: Websphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin: Potenti...
CVE-2020-1697
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...
Cross site scripting
It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further...
CVE-2020-1697
CVE-2020-1697 affects Keycloak versions before 9.0.0 where admin console links to external applications (Application Links) are not validated, allowing an authenticated user to craft links that trigger Stored XSS cross-realm. The issue is evidenced in multiple feeds (Red Hat advisories explicitly...
FortiAP system command injection through ifconfig command
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...
CVE-2020-1697
A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks...
keycloak: stored XSS in client settings via application links
A flaw was found during the assessment of the Admin Console application for Keycloak, where it was found that Application Links to external applications are not validated properly. An attacker could use this flaw to cause Stored XSS attacks...
CVE-2020-8123
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to an arbitrary restart of the application...
Denial of service
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to an arbitrary restart of the application...
CVE-2019-12427
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...