107 matches found
OESA-2022-2073 ganglia security update
Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter.CVE-2019-20378 ganglia-web a...
Malicious Package
Overview common-web-frontend-styling is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...
UBUNTU-CVE-2022-31086
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the...
Malicious code in web-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6072960685ef2154e26a6d650399a02fc1bc892374cd849d71cb5324f6ae4b51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7069 Malicious code in web-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6072960685ef2154e26a6d650399a02fc1bc892374cd849d71cb5324f6ae4b51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @ch-post-common/common-web-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909faab73232acee1d72b62ae9370a819f55eb8de3c14ac9b8c3993d381dd54c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-166 Malicious code in @ch-post-common/common-web-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909faab73232acee1d72b62ae9370a819f55eb8de3c14ac9b8c3993d381dd54c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-24851
LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...
CVE-2022-24851 Stored XSS and path traversal in LDAPAccountManager/lam
LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...
CVE-2022-24851
CVE-2022-24851 affects LDAP Account Manager (LAM). The stored XSS flaws occur in the profile editor (edit profile) and in the pdf editor (logoFile path handling), with attacker-controlled payloads when logged into the LAM admin interface. Both issues require an authenticated admin user to exploit...
OESA-2022-1568 ganglia security update
Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter.CVE-2019-20378 ganglia-web a...
Zabbix Web Frontend Authentication Bypass (CVE-2022-23131)
An authentication bypass vulnerability exists in Zabbix Web Frontend. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)
An authentication bypass vulnerability exists in Zabbix Web Frontend. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Zabbix affected by two actively exploited vulnerabilities
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered in Zabbix open-source network traffic monitoring software Web Frontend component while implementing client-side sessions storage and are being actively exploited as per...
CVE-2020-12606
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xpcmdshell stored...
Sql injection
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xpcmdshell stored...
CVE-2020-15307
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS in the web front end by leveraging the ability to create a custom field with a crafted field name...
CVE-2020-10795
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access...
CVE-2020-9474
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...
CVE-2020-9474
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...