Pulse Secure VPN Arbitrary Command Execution Exploit

Pulse Secure Pulse Connect Secure versions 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure versions 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1 have an...

Pulse Connect Secure XSS (SA3877)

According to its self-reported version, the version of Pulse Connect Secure running on the remote host is 8.3Rx prior to 8.3R3 It is, therefore, affected by a cross-site scripting vulnerability in rd.cgi due to improper header sanitization. An unauthenticated, remote attacker can exploit this, by...

CVE-2018-20809

A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX...

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device...