3068 matches found
Ansible AWX WebUI Detection
Binary data ansibleawxdetect.nbin...
Design/Logic Flaw
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
RATELIMITED: Information Disclosure PHPpgAdmin
PHPpgAdmin is a piece of script which allows system administrators to manage their Postgres databases easily from a webUI. We had forgotten to limit access to this script, resulting in the ability for a brute-force attack to happen...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
UBUNTU-CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
Design/Logic Flaw
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
CVE-2018-6070
CVE-2018-6070 is a CSP bypass vulnerability in Google Chrome/Chromium where an attacker could lure a user to install a crafted extension to bypass Content Security Policy. Technical details across connected records confirm the flaw resides in how extensions interact with WebUI CSP enforcement, en...
CVE-2018-6070
Removed by vendor...
Cross-site Scripting (XSS)
webui-jsf is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on request.getRequestURI, allowing arbitrary scripts to be added into the URI and subsequently executed...
Security update for icinga (moderate)
This update for icinga fixes the following issues: Update to 1.14.0 - CVE-2015-8010: Fixed XSS in the icinga classic UI boo952777 - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root boo1011630 and boo1018047 - CVE-2016-0726: removed the pre-configured...
Information disclosure
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343...
CVE-2018-1708
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343...
QNAP Photo Station WebUI Detection
Binary data qnapphotostationdetect.nbin...
CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...