16 matches found
CVE-2012-10028
Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to surgeftpmgr.cgi. This can lead to full remote code execution on the underlying system...
PT-2025-31980 · Netwin · Surgeftp
Name of the Vulnerable Software and Affected Versions: Netwin SurgeFTP versions 23c8 and earlier Description: Netwin SurgeFTP contains a flaw in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to the surgeftpmgr.c...
NetIQ iManager 路径遍历漏洞
NetIQ iManager is an advanced web-based management console from NetIQ UK. Customized secure access to network management utilities and content can be provided from any location in the world. A security vulnerability exists in NetIQ iManager version 3.2.6.0200, which stems from the presence of pat...
Trend Micro Apex Central Security Vulnerability
Trend Micro Apex Central is a web-based console from Trend Micro. Trend Micro Apex Central 2019 has a security vulnerability that stems from an authenticated server-side request forgery SSRF vulnerability. It may allow an attacker to interact directly with internal or local services...
Trend Micro Apex Central 安全漏洞
Trend Micro Apex Central is a Web-based product console from Trend Micro. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central 安全漏洞
Trend Micro Apex Central is a Web-based product console from Trend Micro. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central 跨站脚本漏洞
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central 跨站脚本漏洞
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central 跨站脚本漏洞
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central Cross-Site Scripting Vulnerability (CNVD-2023-57662)
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central cross-site scripting vulnerability (CNVD-2023-57661)
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
Trend Micro Apex Central SQL Injection Vulnerability
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. Trend Micro Apex Central suffers from a SQL injection vulnerability that can be exploited by an attacker to submit a specially crafted SQL request to manipulate a database, obtain sensitive information or execute arbitrary cod...
Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series
Overview Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685 Incorrect Implementation of Authentication Algorithm CWE-303 - CVE-2020-5686 NEC Platforms,...
ESM Console XSS vulnerability
A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223. This issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI...
CVE-2015-2223
Summary : CVE-2015-2223 is a stored XSS vulnerability in Palo Alto Networks Traps Server/ESM Console (3.1.2.1546) where an attacker can inject JavaScript via SOAP requests and have it executed in an authenticated administrator’s browser. The weakness arises from how the SOAP parameters (Arguments...
CVE-2015-2223
Multiple cross-site scripting XSS vulnerabilities in the web-based console management interface in Palo Alto Networks Traps formerly Cyvera Endpoint Protection 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the 1 Arguments, 2 FileName, or 3 URL parameter in a SOAP...