1734 matches found
CVE-2019-1888
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid...
CVE-2020-2038
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...
Cross-site Request Forgery (CSRF)
openmage/magento-lts is vulnerable to cross-site request forgery. The vulnerability exists because of lack of formkey protection in the function validateSecretKey of Admin Interface, allowing an attacker to easily observe timing discrepancy in OpenMage LTS...
CVE-2020-15151
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
Cross site request forgery (csrf)
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
CVE-2020-15151 Observable Timing Discrepancy in OpenMage LTS
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...
Observable Timing Discrepancy in OpenMage LTS
Impact: This vulnerability allows circumvention of the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Patches: The latest OpenMage versions, from 19.4.6 and 20.0.2 onward, have this issue solved. References: Related to Adobe's CVE-2020-9690...
GHSA-CRF2-XM6X-46P6 Observable Timing Discrepancy in OpenMage LTS
Impact: This vulnerability allows circumvention of the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. Patches: The latest OpenMage versions, from 19.4.6 and 20.0.2 onward, have this issue solved. References: Related to Adobe's CVE-2020-9690...
PT-2020-14229 · Openmage · Openmage
Name of the Vulnerable Software and Affected Versions: OpenMage versions prior to 19.4.6; OpenMage versions prior to 20.0.2. Description: This issue allows attackers to circumvent the formkey protection in the Admin Interface, increasing the attack surface for Cross Site Request Forgery attacks...
UBUNTU-CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interface. If a user is given the "developer" role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
CVE-2020-11733
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...
Default credentials
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...
Mail.ru: relap.io/admin/api - administrative API accessible without authentication
Admin interface opened to external network without authentication on relap.io...
CVE-2020-8221
A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...
Code injection
A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface. Recent assessments: wvu-r7 at August 27, 2020 3:29pm UTC reported: Researchers wrote this one up at...
PT-2020-20032 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8. Description: A denial of service issue exists that allows an authenticated attacker to perform command injection via the administrator web interface, which can cause a denial of service...
PT-2020-6841 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8. Description: A code injection vulnerability exists in the admin web interface of Pulse Connect Secure, allowing an attacker to craft a URI and perform arbitrary code execution. The vulnerability is...
PT-2020-20034 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8. Description: A path traversal issue exists that allows an authenticated attacker, via the administrator web interface, to read arbitrary files through Meeting. Recommendations: For versions prior t...
The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 allows a malicious actor to cause device malfunctions or execute arbitrary code with root privileges.
The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerabili...