CVE-2020-4658

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.

Publication date: Thu, 17 Dec 2020 03:15:00 +0000

Cyber News related to CVE-2020-4658

CVE-2020-4658 - IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
4 years ago

CVE-2020-1246 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1266 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1262 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1275 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1264 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1276 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1274 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1237 - An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, ...
3 years ago

CVE-2020-1307 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1273 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1316 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
3 years ago

CVE-2020-1269 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, ...
2 years ago

CVE-2020-0986 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, ...
2 years ago

CVE-2009-4658 - Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. ...
7 years ago

CVE-2008-4658 - SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
13 years ago

CVE-2005-4658 - Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. ...
13 years ago

CVE-2012-4658 - The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447. ...
10 years ago

CVE-2015-4658 - Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter. ...
9 years ago

CVE-2007-4658 - The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. ...
6 years ago

CVE-2006-4658 - Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. ...
6 years ago PLATINUM

CVE-2016-4658 - xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary ...
5 years ago

CVE-2017-10940 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must ...
5 years ago

CVE-2013-4658 - Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. ...
5 years ago

CVE-2010-4658 - statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. ...
5 years ago

Latest Cyber News

Microsoft to shut down Skype, Here is the Deadline - 9 minutes ago
Serbian police used Cellebrite zero-day hack to unlock Android phones - 53 minutes ago
Microsoft confirms it's killing off Skype in May, after 14 years - 2 hours ago
CVE-2024-53408 - 2 hours ago
CVE-2024-41338 - 2 hours ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 3 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 4 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 4 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 4 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 5 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 5 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 5 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 7 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 8 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 8 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 9 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 9 hours ago
18 Best Web Filtering Solutions - 2025 - 9 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 13 hours ago
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - 18 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
Kimsuky - 1 year ago
23andMe - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Microsoft to shut down Skype, Here is the Deadline - 9 minutes ago
Serbian police used Cellebrite zero-day hack to unlock Android phones - 53 minutes ago
Microsoft confirms it's killing off Skype in May, after 14 years - 2 hours ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 3 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 4 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 4 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 4 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 5 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 5 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 5 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 7 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 8 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 8 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 9 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 9 hours ago
18 Best Web Filtering Solutions - 2025 - 9 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 13 hours ago
CVE-2018-9994 - 1 year ago
CVE-2018-9329 - 1 year ago
CVE-2018-9324 - 1 year ago