Page 4 of 26 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 1

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure y Pulse Policy Secure versiones anteriores a 9.1R8.2, podría permitir a atacantes llevar a cabo un ataque de tipo Cross-Site Scripting (XSS) • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. Se presenta una vulnerabilidad de comprobación de permisos insuficiente en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante cambiar la contraseña de un administrador completa • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-276: Incorrect Default Permissions CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0

A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. Se presenta una vulnerabilidad denegación de servicio en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado llevar a cabo una inyección de comandos por medio de la web del administrador que puede causar una DOS • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.2EPSS: 3%CPEs: 24EXPL: 1

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. Se presenta una vulnerabilidad de inyección de código en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante diseñar un URI para llevar a cabo una ejecución de código arbitraria por medio de la interfaz web de administración A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permitió a un atacante autenticado por medio de la interfaz web del administrador llevar a cabo una vulnerabilidad de lectura de archivos arbitraria por medio de Meeting • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •