CVE-2011-1520

The default configuration of the server console in IBM Lotus Domino does not require a password aka ServerConsolePassword, which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a 1 Load, 2 Tell, or 3 Set Configuration command...

VMware WebAccess Cross Site Scripting vulnerability (Windows)

This host is installed with VMWare Server and is prone to Cross site scripting Vulnerability. OpenVAS Vulnerability Test $Id: gbvmwareserverwebaccessxssvulnwin.nasl 6518 2017-07-04 13:49:06Z cfischer $ VMware WebAccess Cross Site Scripting Vulnerability Windows Authors: Antu Sanadi Copyright:...

Cross site scripting

Cross-site scripting XSS vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine...

CVE-2010-1137

Cross-site scripting XSS vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine...

CVE-2003-1570

The server in IBM Tivoli Storage Manager TSM 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session,...

CVE-2003-1570

The CVE-2003-1570 issue affects IBM Tivoli Storage Manager (TSM) server versions 5.1.x, 5.2.x prior to 5.2.1.2, and 6.x prior to 6.1. The vulnerability allows remote authenticated administrators to observe the server console without requiring credentials in certain circumstances, effectively expo...

Sun Server Console Authentication Bypass

The remote host is running the Sun ONE Server Console, which provides an administrative interface to the Sun Java System Directory Server installed there. The Server Console instance on the remote host allows authentication using a default set of credentials - 'admin' / 'admin'. This is likely th...

DEBIAN-CVE-2006-2441

Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service crash via certain requests from an older gnocatan client to create a new game...

Bea Weblogic application server Server Console crossite scripting

Crossite scripting; no session cookie timeout is implemented...

CVE-2005-1747

Multiple cross-site scripting XSS vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the 1 jusername or 2 jpassword parameter...

CVE-2004-2599

Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service application crash via the server console or rcon...