CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...

CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...

Design/Logic Flaw

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter...

Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.10 bug fix update

Red Hat OpenShift Container Platform release 3.10.127 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

Improper Authentication in Apache Karaf

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

CVE-2018-11787

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

CVE-2018-11787

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

CVE-2018-11787

CVE-2018-11787 affects Apache Karaf prior to 3.0.9, 4.0.9 and 4.1.1 where the webconsole opens a Gogo shell and, if Pax Web Extender Whiteboard is present, an unauthenticated /gogo URL can expose the Karaf console. Direct access to /system/console/gogo also requires authentication, but the /gogo ...

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

CVE-2018-6291

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...

Cross site scripting

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...

CVE-2018-6291

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...

CVE-2018-6291

WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...

FireFox RCE by chaining small bugs

The Main Bug The main bug that made this possible was a strange behavior where 'javascript:' URLs coming from bookmarks were turning into chrome windows after a refresh occurs. This gave me my first chance at potentially injecting arbitrary chrome code, achieving that would mean I have an RCE!...

PowerScripts PlusMail WebConsole 1.0 Poor Authentication Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/2653/info PowerScripts PlusMail Web Control Panel is a web-based administration suite for maintaining mailing lists, mail aliases, and web sites. It is reportedly possible to change the administrative username and passwor...

JBoss 4.2.0 WebConsole/Invoker DeploymentFileRepository 代码执行漏洞

No description provided by source...

CVE-2012-0271

The CVE affects Novell GroupWise Internet Agent (GWIA) using WebConsole gwia.exe, where GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 are vulnerable to a remote heap-based buffer overflow triggered by a crafted HTTP Content-Length header (-1). The root cause is an integer overflow in the Web...

Sybase EAServer WebConsole Buffer Overflow (CVE-2005-2297)

Sybase EAServer is a web service application server suite. The software provides a web-based management console to allow a remote user using a web browser to perform database administration tasks. The communication between the client and the web-based management console is encapsulated in the HTT...