Lucene search
K

5 matches found

OSV
OSV
added 2017/02/17 2:59 a.m.4 views

CVE-2016-4315

Cross-site request forgery CSRF vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxyajaxprocessor.jsp...

5.7CVSS5.8AI score0.02827EPSS
Exploits5References6
Prion
Prion
added 2017/02/17 2:59 a.m.15 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxyajaxprocessor.jsp...

3.5CVSS7.5AI score0.02827EPSS
Exploits5References6Affected Software1
Prion
Prion
added 2017/02/17 2:59 a.m.20 views

Directory traversal

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the logFile parameter to downloadgz-ajaxprocessor.jsp...

4CVSS6.7AI score0.12352EPSS
Exploits7References6Affected Software1
Cvelist
Cvelist
added 2017/02/16 6:0 p.m.26 views

CVE-2016-4316

Multiple cross-site scripting XSS vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 setName parameter to identity-mgt/challenges-mgt.jsp; the 2 webappType or 3 httpPort parameter to webapp-list/webappinfo.jsp; the 4 dsName or 5 descriptio...

6.1AI score0.03998EPSS
Exploits5References5
Cvelist
Cvelist
added 2017/02/16 6:0 p.m.33 views

CVE-2016-4314

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the logFile parameter to downloadgz-ajaxprocessor.jsp...

4.8AI score0.12352EPSS
Exploits7References6
Rows per page
Query Builder