Page 3 of 43 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Se presenta una vulnerabilidad de inyección de comandos en Pulse Connect Secure antes de 9.1R11.4 que permite a un atacante autenticado remoto llevar a cabo una ejecución de código remota por medio de Windows Resource Profiles Feature Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 41EXPL: 0

A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. Se presenta una vulnerabilidad de Desbordamiento del Búfer en Pulse Connect Secure versiones anteriores a 9.1R11.4, permite a un atacante autenticado remoto ejecutar código arbitrario como usuario root por medio de una sala de reuniones diseñada con fines maliciosos Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/?kA23Z000000boUWSAY • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyección de cookies arbitraria • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 0

An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de tipo XML external entity (XXE) en Pulse Connect Secure (PCS) versiones anteriores a 9.1R9 y Pulse Policy Secure (PPS) versiones anteriores a 9.1R9, permite a administradores autenticados remotos conducir ataques de tipo server-side request forgery (SSRF) por medio de un DTD diseñado en una petición XML • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-611: Improper Restriction of XML External Entity Reference •