71 matches found
CVE-2017-18014
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-01388)
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-36401)
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)
Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from Cisco, a company based in the United States. Web Admin Interface is one of its web login interfaces. A denial of service vulnerability exists in the Web Admin Interfac...
Design/Logic Flaw
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
CVE-2017-12264
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
Cisco Meeting Server Denial of Service Vulnerability
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
Peplink Balance Routers Web Admin Detection
Detection of Peplink Balance Routers Web Admin. The script sends a connection request to the server and attempts to detect the Web Admin Interface of Peplink Balance Routers. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow (CVE-2017-3193)
The affected service is the management web, in the cgibin file located within the htdocs folder on the router filesystem. The vulnerability is a Stack-Based Buffer Overflow, caused by a non-controlled use of the strcat function that allows an overwrite of the PC, and thus the execution flow of th...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution', 'Description' = %q The NVRmini 2 Network...
Symantec Encryption Management Server Multiple Security Issues
The management console for Symantec Encryption Management Server (SEMS) is susceptible to potential OS command execution, local access elevation of privilege, a heap-based memory corruption resulting in a service crash and potential information disclosure of management console logon/account...
Oracle Commerce Platform A vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is a set of e-business solutions from Oracle, a company based in the United States. A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...
CVE-2014-0152
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
Session fixation
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-0152
CVE-2014-0152 affects oVirt Web Admin Interface (3.4.0 and earlier). Root cause: after authentication, a new session ID is not generated and session IDs may be stored in HTML5 local storage, not protected by same-origin policy. This enables a remote attacker to hijack a logged-in user's session v...
PT-2014-3504 · Ovirt · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.4.0 and earlier Description: A session fixation issue in the web admin interface allows remote attackers to hijack web sessions. Recommendations: For versions 3.4.0 and earlier, update to a version later than 3.4.0 to resolve...
ovirt-engine-webadmin: session fixation
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
MongoDB Web Interface Detection
The remote web server is running the MongoDB Web Admin Interface. This interface lists information of interest to administrators of MongoDB, a document-oriented database system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65915; scriptversion"1.6";...
CVE-2011-5078
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD 3 and 7.0 before ESD 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP...