34 matches found

Prion
added 2019/03/23 4:29 p.m., 14 views

Default configuration

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

CVSS: 10, AI score: 10, EPSS: 0.02383
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/01/12 5:29 p.m., 10 views

CVE-2017-18014

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00178
Exploits: 2, References: 4

Tenable Nessus
added 2009/03/11 12:0 a.m., 17 views

Debian DSA-1735-1 : znc - missing input sanitization

It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands (CVE-2009-0759)...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0074
Exploits: 1, References: 4

OSV
added 2009/03/10 12:0 a.m., 15 views

DSA-1735-1 znc - privilege escalation

Bulletin has no description...

CVSS: 6.5, AI score: 6.1, EPSS: 0.0074
Exploits: 1

NVD
added 2008/11/28 7:0 p.m., 11 views

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVSS: 4.3, AI score: 5.6, EPSS: 0.01132
Exploits: 0, References: 6

OSV
added 2008/11/28 7:0 p.m., 0 views

UBUNTU-CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01132
Exploits: 0, References: 2

Cvelist
added 2008/11/28 6:26 p.m., 19 views

CVE-2008-5266

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.101 build b09d-fcs and 9.102 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a...

AI score: 5.6, EPSS: 0.01132
Exploits: 0, References: 6

UbuntuCve
added 2008/06/18 7:41 p.m., 18 views

CVE-2008-2751

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00651
Exploits: 0, References: 1

Prion
added 2008/06/18 7:41 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00651
Exploits: 0, References: 4, Affected Software: 2

Cvelist
added 2008/06/18 7:29 p.m., 22 views

CVE-2008-2751

Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...

AI score: 5.7, EPSS: 0.00651
Exploits: 0, References: 4

UbuntuCve
added 2007/08/25 12:17 a.m., 21 views

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...

CVSS: 8.5, AI score: 6, EPSS: 0.01269
Exploits: 1, References: 1

NVD
added 2007/08/25 12:17 a.m., 10 views

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...

CVSS: 8.5, AI score: 6.5, EPSS: 0.01269
Exploits: 1, References: 7

Cvelist
added 2007/08/25 12:0 a.m., 13 views

CVE-2007-4529

The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2)...

AI score: 6.4, EPSS: 0.01269
Exploits: 1, References: 7

exploitpack
added 2003/09/10 12:0 a.m., 21 views

FloosieTek FTGatePro 1.2 - WebAdmin Interface Information Disclosure

FloosieTek FTGatePro 1.2 - WebAdmin Interface Information Disclosure source: https://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to...

AI score: 7.2
Exploits: 0