1114 matches found
Design/Logic Flaw
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...
SAP NetWeaver AS JAVA UMEADMIN Component Directory Traversal Vulnerability
SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A directory traversal vulnerability exists in the SAP NetWeaver AS JAVA UMEADMIN component, which could allow an attacker to create any directory with the...
Kaltura server cross-site scripting vulnerability (CNVD-2017-02387)
Kaltura is an open source online video platform. Kaltura server is one of the servers. A cross-site scripting vulnerability exists in Kaltura server Lynx-12.11.0 and earlier versions, which stems from the program failing to adequately filter user submissions to the...
Authorization
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6391
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...
CVE-2017-6392
An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.3 Admin Console Multiple XSS
The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.14, 8.5 prior to 8.5.5.12, or 9.0 prior to 9.0.0.3. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities in the Admin Console due to a failure to validat...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...
How to restrict access to the XenMobile Server Admin console
This will allow us to restrict the access and allow only specific IP addresses to reach the management portal of the XenMobile Server...
How To Configure Single Sign-on for Receiver for ChromeOS
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Citrix Receiver for Chrome now supports single sign-on (SSON) on Chromebook devices and Citrix Virtual...
CVE-2016-0782
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...
CVE-2016-0782
CVE-2016-0782: Apache ActiveMQ 5.x prior to 5.11.4, 5.12.x prior to 5.12.3, and 5.13.x prior to 5.13.2 is vulnerable to cross-site scripting via the web admin console. The defect is improper validation of user-supplied input in the Admin Web console, enabling remote authenticated users to execute...
The vulnerability of the WebSphere Application Server software allows a malicious intruder to compromise the integrity of protected information.
Cross-site scripting (XSS) in the IBM WebSphere Application Server (WAS) and WebSphere Virtual Enterprise administration console allows authorized users to inject any web script or HTML code by using a specially crafted URL address...
Symantec Veritas NetBackup and NetBackup Appliance Weak Key Exchange Vulnerability
Symantec Veritas NetBackup (NBU) and NetBackup (NBU) Appliance are both products of Symantec USA. The former is a set of enterprise-class backup management software that can run on multiple operating systems, and the latter is an enterprise-class backup management appliance. A security vulnerability...
Zhone Technologies zNID GPON Remote Code Execution Vulnerability
Zhone Technologies zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx are router products from Zhone Technologies, USA. A remote code execution vulnerability exists in the web administrator console of the Zhone Technologies zNID GPON, which allows remote attackers to submit a special request to...
CVE-2015-1936
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter...
JBoss Seam 2 - Arbitrary File Upload / Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/http' require 'msf/core' class Metasploit3 'JBoss Seam 2 File Upload and Execute', 'Description' = %q Versions of the JBoss Seam 2 framework 2.2.1CR2...