Design/Logic Flaw

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...

CVE-2019-12427

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console...

CVE-2019-12427

CVE-2019-12427 affects Zimbra Collaboration before 8.8.15 Patch 1, with a non-persistent XSS vulnerability in the Admin Console. The connected Red Hat/OSV/CVE entries corroborate the same description. No remediation/versioned mitigation details are provided in the documents.

Refresh of WEM agent in admin console fails with error "Some of the requested actions may not have been executed properly"

When attempting to refresh the agents in any way or otherwise perform actions against an agent in the Administration node of the WEM Admin Console, the following message is seen in the bottom right corner: "Some of the requested actions may not have been executed properly." The WEM Agents being...

Security Bulletin: Vulnerability affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary DOM-based vulnerability affects IBM Watson TM Assistant for IBM Cloud Pak for Data. A DOM-based, cross-site scripting vulnerability was found in the admin console where user input was not validated correctly. An authenticated user could exploit the flaw by injecting JavaScript code into t...

CVE-2019-7185

This cross-site scripting XSS vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions...

CVE-2019-7184

This cross-site scripting XSS vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions...

CVE-2019-7185

This cross-site scripting XSS vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions...

QNAP QTS Music Station XSS Vulnerability (NAS-201911-27)

QNAP Music Station is prone to a cross-site scripting vulnerability on the administrator Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Thi...

CVE-2019-7197

CVE-2019-7197 is a stored cross-site scripting (XSS) vulnerability affecting multiple QTS versions. The issue could allow injection and execution of scripts in the administrator console via QTS Event Notification. Remediation per sources is to update QTS to the latest version. Technical specifics...

IBM WebSphere eXtreme Scale Admin Console Information Disclosure Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution from IBM USA. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers.Admin Console is one of the management console programs. An information...

IBM WebSphere eXtreme Scale Admin Console Clickjacking Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution from IBM USA. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers.Admin Console is one of the management console programs. A security...

IBM WebSphere eXtreme Scale Admin Console Cross Site Scripting Vulnerability

IBM WebSphere eXtreme Scale is a distributed caching solution from IBM USA. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers.Admin Console is one of the management console programs. A cross-site scriptin...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-4442)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

FortiExtender OS command injection through execute date CLI command

An OS command injection vulnerability in FortiExtender CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

Command injection

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

CVE-2019-15710

FortiExtender OS command injection affects versions prior to 4.1.2. In the FortiExtender CLI admin console, authenticated administrators can execute arbitrary system commands via specially crafted “execute date” inputs, due to improper input sanitization. The vulnerability is documented in Fortin...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4270)

Summary IBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulleti...

CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2019-4268)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin: Fi...