
152 matches found

IBM Security Bulletins
added 2022/09/25 9:6 p.m., 18 views

Security Bulletin: Informix Open Admin Tool (OAT) cross-site scripting vulnerability (CVE-2013-0492)

Abstract: An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability that can be used to gain unauthorized access or collect sensitive information. Content: CVEID: CVE-2013-0492 CVSS Base...

CVSS 3.5, AI score 5.9, EPSS 0.00759
Exploits 0, Affected Software 1

UbuntuCve
added 2022/08/16 9:15 p.m., 23 views

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVSS 7.2, AI score 7, EPSS 0.00855
Exploits 0, References 2

OSV
added 2022/08/16 9:15 p.m., 2 views

UBUNTU-CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool...

CVSS 7.2, AI score 5.8, EPSS 0.00855
Exploits 0, References 3

vulnersOsv
added 2022/07/05 12:0 a.m., 1 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.4.0) +87 more potentially affected by CVE-2022-34265 via django (>=3.2.0 <=3.2.13)

django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =1.1.1 - common-framework =2021.4.1 - directory-constants =21.3.0 and more Source cves: CVE-2022-34265 Source advisory: OSV:GHSA-P64X-8RXX-WF6Q...

CVSS 9.8, AI score 6.7, EPSS 0.73274
Exploits 3

vulnersOsv
added 2022/07/04 4:15 p.m., 0 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.4.0) +87 more potentially affected by CVE-2022-34265 via django (>=3.2.0 <=3.2.13)

django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =1.1.0, =1.1.1 - common-framework =2021.4.1 - directory-constants =21.3.0 and more Source cves: CVE-2022-34265 Source advisory: OSV:PYSEC-2022-213...

CVSS 9.8, AI score 6.7, EPSS 0.73274
Exploits 3

Github Security Blog
added 2022/06/17 8:57 p.m., 29 views

Insufficient Session Expiration in TYPO3's Admin Tool

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.6). Problem: Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the adm...

CVSS 7.2, AI score 6.8, EPSS 0.01157
Exploits 0, References 6, Affected Software 2

OSV
added 2022/06/17 8:57 p.m., 25 views

GHSA-WWJW-R3GJ-39FQ Insufficient Session Expiration in TYPO3's Admin Tool

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C (5.6). Problem: Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the adm...

CVSS 6, AI score 6.3, EPSS 0.01157
Exploits 0, References 6

OpenVAS
added 2022/06/15 12:0 a.m., 15 views

TYPO3 Session Expiration Vulnerability (TYPO3-CORE-SA-2022-005)

TYPO3 is prone to an insufficient session expiration vulnerability in the admin tool. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.2, AI score 6.9, EPSS 0.01157
Exploits 0, References 1

NVD
added 2022/06/14 9:15 p.m., 18 views

CVE-2022-31050

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...

CVSS 7.2, EPSS 0.01157
Exploits 0, References 3

Vulnrichment
added 2022/06/14 8:55 p.m., 4 views

CVE-2022-31050 Insufficient Session Expiration in TYPO3 Admin Tool

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...

CVSS 6, AI score 7, EPSS 0.01157
Exploits 0, References 3

Cvelist
added 2022/06/14 8:55 p.m., 22 views

CVE-2022-31050 Insufficient Session Expiration in TYPO3 Admin Tool

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...

CVSS 6, AI score 7.2, EPSS 0.01157
Exploits 0, References 3

OSV
added 2022/06/14 8:55 p.m., 19 views

CVE-2022-31050 Insufficient Session Expiration in TYPO3 Admin Tool

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This...

CVSS 6, AI score 6.8, EPSS 0.01157
Exploits 0, References 5

Friends Of PHP
added 2022/06/14 7:11 a.m., 24 views

TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...

CVSS 7.2, AI score 7.2, EPSS 0.01157
Exploits 0, Affected Software 1

Friends Of PHP
added 2022/06/14 7:11 a.m., 21 views

TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...

CVSS 7.2, AI score 7.2, EPSS 0.01157
Exploits 0, Affected Software 1

OSV
added 2022/05/24 4:52 p.m., 14 views

GHSA-WV9C-PFPM-4WC5 Moodle CSRF Vulnerability

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey CSRF token was not being utilised by the XML loading/unloading admin tool...

CVSS 8.8, AI score 8.7, EPSS 0.01093
Exploits 0, References 6

Github Security Blog
added 2022/05/17 3:57 a.m., 7 views

Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

CVSS 6.1, AI score 5.9, EPSS 0.04853
Exploits 1, References 6, Affected Software 1

OSV
added 2022/05/17 3:57 a.m., 3 views

GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

CVSS 6.1, AI score 5.8, EPSS 0.04853
Exploits 1, References 6

Github Security Blog
added 2022/05/17 3:57 a.m., 12 views

Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...

CVSS 7.1, AI score 6.5, EPSS 0.02103
Exploits 1, References 7, Affected Software 1

Github Security Blog
added 2022/05/17 3:57 a.m., 9 views

Apache Ranger allows users to bypass intended access restrictions via the REST API

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...

CVSS 6.5, AI score 6.5, EPSS 0.01933
Exploits 0, References 6, Affected Software 1

NVD
added 2022/05/02 8:15 p.m., 11 views

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

CVSS 5.2, EPSS 0.00654
Exploits 0, References 3