1114 matches found
IBM WebSphere Application Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.7 Admin Console Unspecified Insecure Security Remote Privilege Escalation
The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 prior to 7.0.0.45, 8.0.0.0 prior to 8.0.0.15, 8.5.0.0 prior to 8.5.5.14, or 9.0.0.0 prior to 9.0.0.7. It is, therefore, affected by an unspecified privilege escalation vulnerability in the Admin Console. An...
NetIQ Access Manager Admin Console File Upload Vulnerability
NetIQ Access Manager (NAM) is a resource access control solution from NetIQ Corporation. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. Admin Console is one of the management console programs. A file upload vulnerability exists ...
CVE-2018-1342
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console...
Design/Logic Flaw
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console...
CVE-2018-1342
The CVE-2018-1342 issue affects NetIQ Access Manager Admin Console (versions 4.3/4.4). The root cause is lack of validation in the FwRequest class, enabling an attacker to upload arbitrary files to the Admin Console server and execute code, with no authentication required (remote code execution)....
CVE-2016-6810
CVE-2016-6810 affects Apache ActiveMQ 5.x prior to 5.14.2, where the web-based administration console is vulnerable to cross-site scripting due to improper user data output validation. The issue could allow a remote attacker to execute script in a victim’s browser via the admin console URL. Remed...
CVE-2017-5261
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...
Pomelo Admin Console Web Arbitrary File Read Vulnerability
...
Pomelo Admin Console Web Arbitrary File Write Vulnerability
...
b3log Symphony cross-site scripting vulnerability (CNVD-2017-37885)
b3log Symphony (aka Sym) is an open source set of modern community platforms written in the Java language, including forums, BBS, SNS and blogs. A cross-site scripting vulnerability exists in the processor/AdminProcessor.java file in the admin console of b3log Symphony version 2.2.0. A remote...
Remote Code Execution (RCE)
Codiad is vulnerable to remote code execution (RCE) attacks. The admin console's path is not sanitized properly, allowing a malicious user to access arbitrary shell code on the application...
CVE-2017-16821
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...
Design/Logic Flaw
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...
CVE-2017-16821
Vulnerability: b3log Symphony 2.2.0 is affected by an XSS in processor/AdminProcessor.java within the admin console, triggered by a crafted X-Forwarded-For header that is mishandled when displaying a client IP at /admin/user/userid. Impact: potential XSS in the admin interface as described. Rem...
Reflected Cross-site Scripting (XSS)
Keycloak services is vulnerable to reflected cross-site scripting (XSS) attacks. These attacks are possible because Keycloak would accept a HOST header URL within the admin console when determining the web resource location...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Openfire is a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol. A cross-site scripting vulnerability exists in the administration console in Ignite Realtime Openfire server versions prior to 4.1.7. An attacker can execute arbitrary JavaScript code on the victim clie...