CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4789
https://notcve.org/view.php?id=CVE-2016-4789
26 May 2016 — Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la sección de configuración del sistema en la interaz de usuario administrativo en Pulse Connect Secure (PCS) 8.2 en versiones anteriores a 8.2r1, 8.1 en versiones anteriores a ... • http://www.securitytracker.com/id/1035932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4790
https://notcve.org/view.php?id=CVE-2016-4790
26 May 2016 — Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la interfaz de usuario administrativo en Pulse Connect Secure (PCS) 8.2 en versiones anteriores a 8.2r1, 8.1 en versiones anteriores a 8.1r2, 8.0 en versiones anteriores a 8.0r9 y 7.4 en versiones anteriores a 7.4... • http://www.securitytracker.com/id/1035932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4791
https://notcve.org/view.php?id=CVE-2016-4791
26 May 2016 — The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors. La interfaz de usuario administrativo en Pulse Connect Secure (PCS) 8.2 en versiones anteriores a 8.2r1, 8.1 en versiones anteriores a 8.1r2, 8.0 en versiones anteriores a 8.0r9 y 7.4 en versiones anteriores a 7.4r13.4 ... • http://www.securitytracker.com/id/1035932 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2015-7322
https://notcve.org/view.php?id=CVE-2015-7322
05 Oct 2015 — The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. El Secure Meeting (Pulse Collaboration) en Pulse Connect Secure (anteriormente Juniper Junos Pulse) en versiones anteriores a 7.1R22.1, 7.4, 8.0 en versiones anteriores... • http://www.securitytracker.com/id/1033685 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 4CVE-2015-7323 – Junos Pulse Secure Meeting 8.0.5 Access Bypass
https://notcve.org/view.php?id=CVE-2015-7323
25 Sep 2015 — The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. El Secure Meeting (Pulse Collaboration) en Pulse Connect Secure (anteriormente Juniper Junos Pulse) en versiones anteriores a 7.1R22.1, 7.4, 8.0 en versiones anteriores a 8.0R11 y 8.1 en versiones an... • https://packetstorm.news/files/id/133711 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.4EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5369
https://notcve.org/view.php?id=CVE-2015-5369
11 Aug 2015 — Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message. Vulnerabilidad en Pulse Connect Secure (también conocido como PCS y anteriormen... • http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756 • CWE-17: DEPRECATED: Code CWE-20: Improper Input Validation •