22 matches found
BIT-ACTIVEMQ-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0...
Information Disclosure
H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
UBUNTU-CVE-2022-45868
DISPUTED: The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2022-45868
CVE-2022-45868 affects H2 Database Engine prior to 2.2.220. The web-based admin console can be started from the CLI with the -webAdminPassword argument, allowing the password to be passed in cleartext and discovered by a local user or someone with local access by listing processes and their argum...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2022-45868
The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2018-14417
SoftNAS Cloud OS Command Injection (CVE-2018-14417) affects SoftNAS Cloud prior to 4.0.3. The vulnerability is in the web administration snserv endpoint: the check/update path does not sanitize the recentVersion parameter, allowing an unauthenticated attacker to execute arbitrary commands with ro...
CVE-2016-6810
CVE-2016-6810 affects Apache ActiveMQ 5.x prior to 5.14.2, where the web-based administration console is vulnerable to cross-site scripting due to improper user data output validation. The issue could allow a remote attacker to execute script in a victim’s browser via the admin console URL. Remed...
CVE-2017-5261
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...
XenMobile is unable to identify the group membership of users
Although XenMobile can find both user objects and group objects in Active Directory, XenMobile is unable to enumerate the group membership of user objects. This can result in no MAM resources being deployed unless they are bound to the 'All Users' Delivery Group. You may also find that resources...
CVE-2016-6810
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...
Zhone Technologies zNID GPON Remote Code Execution Vulnerability
Zhone Technologies zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx are router products from Zhone Technologies, USA. A remote code execution vulnerability exists in the web administrator console of the Zhone Technologies zNID GPON, which allows remote attackers to submit a special request to...
CVE-2014-8110
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2015-4003 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.10.1. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web-based administration console. These vulnerabilities allow remote attackers to inject arbitrary web script or...
Cyberoam Admin Console Detection
Cyberoam UTM's web admin console is running on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(61446); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/14"); script_name(english:"Cyberoam Admin Console Detection");...