5 matches found
CVE-2016-4315
Cross-site request forgery CSRF vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxyajaxprocessor.jsp...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxyajaxprocessor.jsp...
Directory traversal
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the logFile parameter to downloadgz-ajaxprocessor.jsp...
CVE-2016-4316
Multiple cross-site scripting XSS vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 setName parameter to identity-mgt/challenges-mgt.jsp; the 2 webappType or 3 httpPort parameter to webapp-list/webappinfo.jsp; the 4 dsName or 5 descriptio...
CVE-2016-4314
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the logFile parameter to downloadgz-ajaxprocessor.jsp...