Page 2 of 51 results (0.010 seconds)

CVSS: 8.0EPSS: 0%CPEs: 16EXPL: 0

CVE-2018-0047 – Junos Space Security Director: XSS vulnerability in web administration

https://notcve.org/view.php?id=CVE-2018-0047

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en el la interfaz del framework empleado por Junos Space Security Director podría permitir que usuarios autenticados inyecten scripts persistentes y maliciosos. Esto podría permitir el robo de información o la realización de acciones como otro usuario cuando otros acceden a la interfaz web de Security Director. • http://www.securitytracker.com/id/1041863 https://kb.juniper.net/JSA10881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-0046 – Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS

https://notcve.org/view.php?id=CVE-2018-0046

A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en OpenNMS incluido con Juniper Networks Junos Space podría permitir el robo de información sensible o credenciales de sesión de los administradores de Junos Space o realizar acciones administrativas. Este problema afecta a Juniper Networks Junos Space en versiones anteriores a la 18.2R1. • http://www.securityfocus.com/bid/105566 http://www.securitytracker.com/id/1041862 https://github.com/OpenNMS/opennms/commit/8710463077c10034fcfa06556a98fb1a1a64fd0d https://kb.juniper.net/JSA10880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2014-3413

https://notcve.org/view.php?id=CVE-2014-3413

The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. El servidor MySQL en Juniper Networks Junos Space, en versiones anteriores a la 13.3R1.8, tiene una cuenta sin especificar con una contraseña embebida. Esto permite que atacantes remotos obtengan información sensible y, consecuentemente, obtengan control administrativo aprovechando el acceso a la base de datos. • https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627 https://www.tenable.com/security/research/tra-2014-01 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-0012 – Junos Space: Local privilege escalation vulnerability in Junos Space

https://notcve.org/view.php?id=CVE-2018-0012

Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges. Junos Space se ve afectado por una vulnerabilidad de escalado de privilegios que podría permitir que un atacante local autenticado obtenga privilegios root. • http://www.securitytracker.com/id/1040189 https://kb.juniper.net/JSA10838 •

CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0

CVE-2018-0011 – Junos Space: Reflected XSS vulnerability in Junos Space management interface

https://notcve.org/view.php?id=CVE-2018-0011

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. Una vulnerabilidad Cross-Site Scripting (XSS) reflejado en Junos Space podría permite que un usuario autenticado remoto inyecte script web o HTML, robe datos sensibles y credenciales de una sesión y realice acciones administrativas en el dispositivo de gestión de redes de Junos Space. • http://www.securitytracker.com/id/1040189 https://kb.juniper.net/JSA10838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •