Page 5 of 26 results (0.007 seconds)

CVSS: 4.9EPSS: 0%CPEs: 24EXPL: 0

A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. Se presenta una vulnerabilidad de salto de ruta en Pulse Connect Secure versiones anteriores a 9.1R8, que permite a un atacante autenticado leer archivos arbitrarios por medio de la interfaz web del administrador • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0

An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. Se presenta una vulnerabilidad de autenticación inapropiada en Pulse Connect Secure versiones anteriores a 9.1RB, que permite a un atacante con credenciales primarias de los usuarios omitir el TOTP de Google • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-287: Improper Authentication •

CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. Una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R8, permitió a atacantes explotar en la URL usada por Citrix ICA • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID. Una vulnerabilidad de divulgación de información en la reunión de Pulse Connect Secure versiones anteriores a 9.1R8, permitió a usuarios finales autenticados encontrar detalles de la reunión, si conocen el ID de Reunión • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0

A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. Se presenta una vulnerabilidad de tipo cross site scripting (XSS) en Pulse Connect Secure versiones anteriores a 9.1R5, en la Página PSAL • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •