26 matches found
EUVD-2014-8347
Malware in sbrugna...
CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
Cross site scripting
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771 HTML injection in AdminUI through email subject
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771
Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...
SQL injection
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...
CVE-2019-13079
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/historylog.php. The affected parameter is TYPENAME...
CVE-2018-11135
The script '/adminui/errordetails.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks...
CVE-2018-11141
The 'IMAGESJSON' and 'attachmentstoremove' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...
CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4373
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...
Design/Logic Flaw
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...
CVE-2016-4373
The CVE-2016-4373 entry concerns the AdminUI of HP Operations Manager (OM) before 9.21.130 on Linux/Unix/Solaris. It allows remote attackers to execute arbitrary commands by sending a crafted serialized Java object related to the Apache Commons Collections (ACC) library, i.e., remote code executi...
Trend Micro IWSVA < 6.0 Build 1244 Information Disclosure
The remote host is running a version of Trend Micro InterScan Web Security Virtual Appliance prior to 6.0 Build 1244. It is, therefore, affected by an information disclosure vulnerability due to improper validation of user-supplied configuration input when saving filters in the AdminUI. An...