20 matches found
EUVD-2018-0505
Malware in sbrugna...
GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
Apache Ranger Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...
Apache Ranger allows users to bypass intended access restrictions via the REST API
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
GHSA-RF7Q-XQM3-6923 Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
Cross site scripting
Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
CVE-2016-2174
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...
CVE-2015-5167
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
Design/Logic Flaw
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
CVE-2015-5167
The CVE-2015-5167 entry concerns Apache Ranger’s Policy Admin Tool. The vulnerability allows remote authenticated users to bypass intended access restrictions via the REST API in Ranger versions prior to 0.5.1. Affected component: Policy Admin Tool; root cause described as an access-control bypas...
CVE-2015-5167
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...
CVE-2015-0266
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...
Cross site scripting
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...
Design/Logic Flaw
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...
CVE-2015-0266
The CVE concerns Apache Ranger’s Policy Admin Tool pre-0.5.0. Affected component: Policy Admin Tool in Ranger. Root cause: improper access control allowing remote authenticated users to bypass intended restrictions via direct access to module URLs. Impact: confidentiality/integrity/availability e...
CVE-2015-0266
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...
CVE-2015-0265
Summary: CVE-2015-0265 describes a cross-site scripting (XSS) vulnerability in the Policy Admin Tool of Apache Ranger prior to version 0.5.0 . The issue allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. Affected component: Apache Ranger Policy Admin To...
CVE-2015-0265
Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...