keycloak: HTML injection in execute-actions-email Admin REST API
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users...
CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
PT-2023-14731
Name of the Vulnerable Software and Affected Versions: APSystems ECU-R version 5203 Description: The issue allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter in the administration interface. Recommendations: For APSystems ECU-R version 5203,...
PT-2022-22313 · Zyxel · Zyxel Gs1900
Name of the Vulnerable Software and Affected Versions: Zyxel GS1900 series firmware versions prior to V2.70 Description: An insufficient entropy issue, caused by the improper use of randomness sources with low entropy for RSA key pair generation, affects the web administration interface. This cou...
The vulnerability in the OTRS ticket request administration interface, caused by missing protection of the website structure, allows an attacker to carry out XSS attacks.
The vulnerability in the OTRS ticket request administration interface stems from missing protection of the website structure. Exploiting this vulnerability allows a remote malicious actor to carry out XSS attacks...
CVE-2021-37289
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
Command injection
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
PT-2022-19915 · Raytion · Raytion Custom Security Manager
Name of the Vulnerable Software and Affected Versions: Raytion Custom Security Manager version 7.2.0 Description: The administration interface of the Raytion Custom Security Manager allows reflected Cross-site Scripting XSS. This issue can be exploited through the administration interface,...
CVE-2022-29906
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...
QNAP QTS / QuTS Hero Default Credentials
The remote QNAP QTS or QuTS Hero web administration interface uses a known set of hard-coded default credentials. An attacker can exploit this to gain administrative access to the remote host...
The vulnerability in the administration interface of the VMware Carbon Black App Control management server allows an attacker to execute arbitrary code.
The vulnerability in the administration interface of the VMware Carbon Black App Control server stems from unrestricted upload of dangerous file types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by uploading a specially crafted file...
Unspecified Vulnerability in 3CX Phone System
The 3CX Phone is a software-based private branch exchange. It can be used with SIP standard based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. A security vulnerability exists in the 3CX Phone System that stems from the 3CX Phone System storing passwords in...
GHSA-HRGX-7J6V-XJ82 Reflected cross-site scripting (XSS) vulnerability
This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the @keystone-6/auth package. Impact The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init...
EC-CUBE improper access control vulnerability
EC-CUBE is an open source system for creating shopping websites. EC-CUBE version 2.11.2 - 2.17.1 contains an improper access control vulnerability in the administration interface. An attacker could use this vulnerability to change system settings without proper privileges...
PT-2021-19929 · Contour +1 · Contour +1
Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...
PT-2021-19880 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.1.1 Description: The admin API has exposed some internal hidden fields when an association has been loaded with a to-many reference. Users are recommended to update to version 6.4.1.1. The update to 6.4.1.1 can ...
CVE-2020-6641
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...