
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.



© SecPod Technologies