64 matches found
MAL-2025-159168 Malicious code in makaimaigan-aniga-uag (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7186d1dcf40ae9b3cc335a2258ce71dbdc428e78ab34239847fedd78da49da56 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-144143
Malicious code in makaimaigan-aniga-uag npm...
EUVD-2025-11481
Malicious code in bioql PyPI...
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing CORS bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks...
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing CORS bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks...
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing CORS bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain access to sensitive networks...
CVE-2025-25234
Omnissa UAG (Omnissa Unified Access Gateway) has a CORS bypass vulnerability. A malicious actor with network access may bypass administrator-configured CORS restrictions to access sensitive networks. CVSS metrics in the sources indicate HIGH impact on confidentiality with network attack vector an...
PT-2025-16975 · Unknown · Omnissa Uag
Name of the Vulnerable Software and Affected Versions: Omnissa UAG affected versions not specified Description: The issue is related to a Cross-Origin Resource Sharing CORS bypass, which could allow a malicious actor with network access to bypass administrator-configured CORS restrictions and gai...
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021,treat all affected VMware systems as...
Cross site scripting
A reflective Cross-site scripting XSS vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...
CVE-2019-12583
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...
CVE-2019-12581
A reflective Cross-site scripting XSS vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...
CVE-2019-12581
The CVE-2019-12581 issue affects Zyxel ZyWall, USG, and UAG devices, where the free_time_failed.cgi CGI is vulnerable to a reflective XSS via the err_msg parameter. The Nuclei template specifies that remote attackers can inject arbitrary web script or HTML, with the attack context limited to the ...
CVE-2019-12583
The connected nuclei template confirms a concrete vulnerability in Zyxel ZyWall UAG/USG devices’ Free Time component: a remote attacker can access the account generator to create guest accounts. This is a direct access control failure that can lead to unauthorized network access or Denial of Serv...
CVE-2019-12583
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service...
Microsoft Forefront Unified Access Gateway信息泄露漏洞(MS12-026)
BUGTRAQ ID: 52909 CVE ID: CVE-2012-0147 Forefront Unified Access Gateway(UAG)是一款远程访问和协作软件。 Microsoft Forefront Unified Access Gateway UAG中存在漏洞,未验证用户可访问UAG服务器的默认网站,获取敏感信息。 0 Microsoft Forefront UAG 2010 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-026)以及相应补丁: MS12-026:Vulnerabilities in...
Microsoft Forefront Unified Access Gateway URI公开重定向漏洞(MS12-026)
BUGTRAQ ID: 52903 CVE ID: CVE-2012-0146 Forefront Unified Access Gateway(UAG)是一款远程访问和协作软件。 Microsoft Forefront Unified Access Gateway UAG中存在可导致信息泄露的欺骗漏洞, 攻击者重定向UAG服务器的网络流量,发送恶意链接并诱使用户单击,利用此漏洞获取敏感信息。 0 Microsoft Forefront UAG 2010 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-026)以及相应补丁:...
CVE-2012-0147
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...
CVE-2012-0146
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."...
Default credentials
Microsoft Forefront Unified Access Gateway UAG 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...