406 matches found

Cvelist
added 2018/10/23 9:0 p.m., 12 views

CVE-2018-16226

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 v8839a1 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow th...

6.2 AI score, 0.00231 EPSS
Exploits 0, References 1
Prion
added 2018/10/10 2:29 p.m., 15 views

Cross site scripting

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

4.3 CVSS, 5.9 AI score, 0.78609 EPSS
Exploits 0, References 10, Affected Software 1
The Hacker News
added 2018/10/01 12:50 p.m., 127 views

GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed...

0.2 AI score
Exploits 0
CVE
added 2018/08/03 4:0 p.m., 78 views

CVE-2018-14417

SoftNAS Cloud OS Command Injection (CVE-2018-14417) affects SoftNAS Cloud prior to 4.0.3. The vulnerability is in the web administration snserv endpoint: the check/update path does not sanitize the recentVersion parameter, allowing an unauthenticated attacker to execute arbitrary commands with ro...

10 CVSS, 9.9 AI score, 0.71126 EPSS
Exploits 5, References 5, Affected Software 1
Cvelist
added 2018/06/29 4:0 p.m., 19 views

CVE-2018-12465 Remote Code Execution in Micro Focus Secure Messaging Gateway

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...

9.1 CVSS, 9.4 AI score, 0.82231 EPSS
Exploits 5, References 3
CNVD
added 2018/06/22 12:0 a.m., 1 views

Cisco Meeting Server Web Management Interface Denial of Service Vulnerability

Cisco Acano X-Series, Meeting Server 1000, and Meeting Server 2000 are video conferencing solutions from Cisco. Web Admin Interface is one of the web-based management interfaces. An input validation vulnerability exists in the Web Admin Interface in the Cisco Acano X-Series, Meeting Server 1000, a...

6.8 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits 0, References 1
OSV
added 2018/06/21 11:29 a.m., 3 views

CVE-2018-0371

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

6.5 CVSS, 5.8 AI score, 0.00334 EPSS
Exploits 0, References 3
Prion
added 2018/06/21 11:29 a.m., 20 views

Input validation

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

6.8 CVSS, 6.4 AI score, 0.00334 EPSS
Exploits 0, References 3, Affected Software 1
CVE
added 2018/06/21 11:0 a.m., 53 views

CVE-2018-0371

CVE-2018-0371 affects Cisco Meeting Server Web Admin Interface (Acano X-Series, Meeting Server 1000, 2000). The root cause is insufficient validation of incoming HTTP requests, allowing an authenticated remote attacker to cause a DoS by restarting the system and terminating ongoing calls. This is...

6.8 CVSS, 6.4 AI score, 0.00334 EPSS
Exploits 0, References 3, Affected Software 1
Cisco
added 2018/06/20 4:0 p.m., 26 views

Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

6.5 CVSS, 2.2 AI score, 0.00334 EPSS
Exploits 0, References 1
NVD
added 2018/03/26 6:29 p.m., 22 views

CVE-2018-1201

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may...

4.8 CVSS, 4.8 AI score, 0.02397 EPSS
Exploits 5, References 4
NVD
added 2018/03/26 6:29 p.m., 25 views

CVE-2018-1189

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...

4.8 CVSS, 4.8 AI score, 0.05616 EPSS
Exploits 5, References 4
Prion
added 2018/03/26 6:29 p.m., 23 views

Cross site scripting

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially...

3.5 CVSS, 5.5 AI score, 0.02397 EPSS
Exploits 5, References 4, Affected Software 1
Prion
added 2018/03/26 6:29 p.m., 19 views

Cross site scripting

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or...

3.5 CVSS, 5.5 AI score, 0.02397 EPSS
Exploits 5, References 4, Affected Software 1
OSV
added 2018/03/13 1:29 a.m., 17 views

CVE-2018-1000095

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3...

4.8 CVSS, 5.3 AI score
Exploits 0, References 2
CNVD
added 2018/03/13 12:0 a.m., 2 views

oVirt Cross-Site Scripting Vulnerability

Red Hat oVirt is an open source virtualization management platform from the US company Red Hat. It is the open source version of the RHEV enterprise virtualization platform and consists of the ovirt-node client and the ovirt-engine management end. The Web admin application i...

4.8 CVSS, 6.2 AI score, 0.00219 EPSS
Exploits 0, References 1
OSV
added 2018/01/12 5:29 p.m., 2 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

6.1 CVSS, 5.8 AI score, 0.00178 EPSS
Exploits 2, References 4
CNVD
added 2018/01/11 12:0 a.m., 1 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-01388)

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

6.1 CVSS, 6.5 AI score, 0.00451 EPSS
Exploits 0, References 1
NVD
added 2018/01/10 3:29 p.m., 15 views

CVE-2016-6810

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation...

6.1 CVSS, 6.3 AI score, 0.02936 EPSS
Exploits 0, References 5
CVE
added 2018/01/10 3:0 p.m., 91 views

CVE-2016-6810

CVE-2016-6810 affects Apache ActiveMQ 5.x prior to 5.14.2, where the web-based administration console is vulnerable to cross-site scripting due to improper user data output validation. The issue could allow a remote attacker to execute script in a victim’s browser via the admin console URL. Remed...

6.1 CVSS, 5.8 AI score, 0.02936 EPSS
Exploits 0, References 5, Affected Software 1