CVE-2020-8263
https://notcve.org/view.php?id=CVE-2020-8263
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file. Una vulnerabilidad en la interfaz de usuario web autenticado de Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) por medio del archivo CGI • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8262
https://notcve.org/view.php?id=CVE-2020-8262
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones por debajo de 9.1R9, podría permitir a atacantes conducir ataques de tipo Cross-Site Scripting (XSS) y Redireccionamiento Abierto para la interfaz de usuario web autenticada • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8261
https://notcve.org/view.php?id=CVE-2020-8261
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. Una vulnerabilidad en Pulse Connect Secure / Pulse Policy Secure versiones anteriores a 9.1R9, es vulnerable a una inyección de cookies arbitraria • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-8260 – Ivanti Pulse Connect Secure Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8260
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Una vulnerabilidad en la interfaz web de administración en Pulse Connect Secure versiones anteriores a 9.1R9, podría permitir a un atacante autenticado llevar a cabo una ejecución de código arbitraria usando una extracción gzip no controlada Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. • http://packetstormsecurity.com/files/160619/Pulse-Secure-VPN-Remote-Code-Execution.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 https://gist.github.com/rxwx/03a036d8982c9a3cead0c053cf334605 https://research.nccgroup.com/2020/10/26/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-gzip-extraction-cve-2020-8260 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-8241
https://notcve.org/view.php?id=CVE-2020-8241
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Una vulnerabilidad en Pulse Secure Desktop Client versiones anteriores a 9.1R9, podría permitir a un atacante llevar a cabo un ataque MITM si los usuarios finales con convencidos de conectarse a un servidor malicioso • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 •