1326 matches found
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)
Summary: Vulnerabilities in IBM WebSphere Application Server that affect the IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
Summary: WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions than expected. There is an information disclosure in the...
proxy.lib.berkeley.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-631748

Description| Value
---|---
Affected Website:| proxy.lib.berkeley.edu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| IAC Improper Access Control / CWE-284
CVSSv3 Score:| 6.5...
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
Cross site request forgery (csrf)
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...
Cross site scripting
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...
Code injection
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...
Design/Logic Flaw
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...
CVE-2017-7636
CVE-2017-7636 is a cross‑site scripting (XSS) vulnerability in the QNAP NAS Proxy Server up to version 1.2.0. The issue enables remote attackers to inject arbitrary web script or HTML into pages served by the Proxy Server. The vulnerability is exploitable remotely over the network, with user inte...
CVE-2017-7637
CVE-2017-7637 affects QNAP NAS Proxy Server up to version 1.2.0. The vulnerability permits remote attackers to execute arbitrary OS commands with root privileges on affected systems. The records describe the vulnerable component as the Proxy Server and indicate a remote-command execution impact; ...
CVE-2017-7635
The CVE-2017-7635 entry concerns QNAP NAS Proxy Server (versions up to 1.2.0) that does not utilize CSRF protections. This lack enables CSRF-style abuse against affected installations, potentially allowing unauthorized state-changing actions initiated by an authenticated user’s session. The provi...