13 matches found
EUVD-2015-2943
Malware in sbrugna...
EUVD-2021-14823
Malware in sbrugna...
Cross site request forgery (csrf)
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...
Avaya IP Office Application Server WebUI Component Cross-Site Scripting Vulnerability
Avaya IP Office Application Server is an application server from the American company Avaya. A cross-site scripting vulnerability exists in the WebUI component of IP Office Application Server version 11.x. The vulnerability stems from a lack of proper validation of client-side data in the WEB...
Sql injection
A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affected versions of IP Office Contact Center include all 9.x and 10.x versions prior to...
CVE-2019-7001
The CVE-2019-7001 entry concerns a SQL injection in the WebUI of IP Office Contact Center. The vulnerability affects all 9.x and 10.x IP Office Contact Center versions prior to 10.1.2.2.2-11201.1908. An authenticated attacker could retrieve or alter sensitive data related to other users on the sy...
KLA11185 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information and perform cross-site scripting attack. Below ...
MGASA-2017-0449 Updated deluge packages fix security vulnerability
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template fileCVE-2017-9031. Updated deluge package adds systemd services required to autostart deluge daemon and web service...
CVE-2015-2855
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its...
CVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators...
CVE-2015-2853
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID...
CVE-2015-2852
Cross-site request forgery CSRF vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators...