1114 matches found
CVE-2017-15911
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
Design/Logic Flaw
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
Design/Logic Flaw
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
CVE-2017-15911
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...
CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
PT-2017-5475 · Red Hat · Jboss Application Server
Name of the Vulnerable Software and Affected Versions: JBoss Application Server affected versions not specified Description: The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses. This might allow man-in-the-middle attacke...
keycloak: reflected XSS using HOST header
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
keycloak: reflected XSS using HOST header
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
WEM Admin Console Error: "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again"
After performing in-place upgrade of the WEM Broker, The WEM Admin console gives the following error when trying to connect to the WEM site:. "Specified Infrastructure Server seems to be offline or have a wrong database configuration. Please check configuration and try again" Plus, when opening t...
NPM-V (Network Power Manager) 2.4.1 - Password Reset
NPM-VNetwork Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125 Date:...
NPM-V (Network Power Manager) 2.4.1 Password Reset
NPM-VNetwork Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125 Date:...
WEM admin console fails to connect with error: Error while connecting to the specified Infrastructure Server
The WEM Administration Console errors out while connecting to the broker with a generic error: "Error while connecting to the specified Infrastructure Server". Looking into the the WEM admin console debug logs %userprofile%\Citrix WEM Console Trace.Log the following error is reported: Exception -...
XenMobile is unable to identify the group membership of users
Although XenMobile can find both user objects and group objects in Active Directory, XenMobile is unable to enumerate the group membership of user objects. This can result in no MAM resources being deployed unless they are bound to the 'All Users' Delivery Group. You may also find that resources...
CVE-2017-14142
Multiple cross-site scripting XSS vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 partnerId or 2 playerVersion parameter to server/adminconsole/web/tools/bigRedButton.php; the 3 partnerId, 4 playerVersion, 5 secret, 6 entryId, 7...
Multiple vulnerabilities in CG-WLR300NM
Overview CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Error message "The Google Play logon request used an invalid device ID"
While setting up Google Play Credentials, we will receive the below error message on XenMobile Admin Console...
CVE-2017-1501
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576...
Code injection
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576...