15 matches found
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2025-03533)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine WEB interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...
IR615 Router Cross-Site Scripting Vulnerability (CNVD-2021-82946)
The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router has a cross-site scripting vulnerability that could be exploited to hijack user sessions connected to the system...
Authorization Bypass
modcluster is vulnerable to authorization bypass. The vulnerability exists as it was found that modcluster allowed worker nodes to register on any virtual host vhost, regardless of the security constraints applied to other vhosts. In a typical environment, there will be one vhost configured...
Session fixation
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request...
CVE-2018-9026
CA Privileged Access Manager 2.x is affected by CVE-2018-9026, a session fixation vulnerability that could allow remote attackers to hijack user sessions via a specially crafted request. The CNVD/NVD entries confirm the affected product version (2.x) and the vulnerability class but do not provide...
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by multiple Apache Tomcat vulnerabilities
Summary Apache Tomcat is vulnerable to a number of security issues affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details CVE-ID: CVE-2015-5345 Description: Apache Tomcat could allow a remote attacker to...
Sophos Cyberoam - Cross-site scripting
Sophos Cyberoam - Cross-site scripting Exploit Title: Sophos Cyberoam – Cross-site scripting XSS vulnerability Date: 25/05/2017 Exploit Author: Bhadresh Patel Version: = Firmware Version 10.6.4 CVE : CVE-2016-9834 This is an article with video tutorial for Sophos Cyberoam – Cross-site scripting X...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, an...
CuteNews 1.4.6 - result Cross-Site Scripting
CuteNews 1.4.6 - result Cross-Site Scripting source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note...
CuteNews 1.4.6 - from_date_day Full Path Disclosure
CuteNews 1.4.6 - fromdateday Full Path Disclosure source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues...
CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...
CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
UebiMiauXSS.txt
I.Vulnerability UebiMiau Webmail System Cross Site Scripting Vulnerability II.Vendor Aldoir Ventura III.Affected Systems UebiMiau 2.7.9 latest release and probably previous versions. IV.About UebiMiau is a simple, yet efficient mail reader webmail supporting both IMAP and POP3 without dependence ...