Lucene search
K

112 matches found

Cisco
Cisco
added 2013/09/03 3:35 p.m.21 views

Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability

A vulnerability in the Web Administrator Interface of Cisco Wireless LAN Controllers WLC could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a failure to properly validate certain parameters prior to processing them on the device. ...

6.8CVSS2.9AI score0.01237EPSS
Exploits0References1
Prion
Prion
added 2013/08/30 8:55 p.m.19 views

Design/Logic Flaw

The Web Administrator Interface on Cisco Wireless LAN Controller WLC devices allows remote authenticated users to cause a denial of service device crash by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request...

6.3CVSS6.9AI score0.01237EPSS
Exploits0References5
CVE
CVE
added 2013/08/30 8:0 p.m.47 views

CVE-2013-3474

CVE-2013-3474 affects Cisco Wireless LAN Controller (WLC) Web Administrator Interface. An authenticated attacker who is a member of Full Manager, Read Only, or Lobby Ambassador groups can cause a DoS (device crash) by submitting a request with a missing or malformed parameter value, triggering th...

6.3CVSS6.5AI score0.01237EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2013/02/22 12:0 a.m.35 views

Django 1.3/1.4 拒绝服务和信息泄露漏洞

BUGTRAQ ID: 58061 CVECAN ID: CVE-2013-0305,CVE-2013-0306 Django是Python编程语言驱动的一个开源Web应用程序框架。 Django 1.3.6、1.4.4之前版本在实现上存在多个漏洞,可被恶意用户利用绕过某些安全限制并造成拒绝服务。 1、扩展XML实体时存在错误,通过包含恶意属性的特制XML,可消耗大量内存。 2、处理某些XML数据时存在错误,通过包含外部实体引用的特制XML数据,可泄露敏感信息。 3、在访问历史视图时,管理员界面没有正确验证访问权限,可被利用查看管理界面内的对象访问历史。...

5CVSS0.02574EPSS
Exploits1
0day.today
0day.today
added 2012/11/30 12:0 a.m.20 views

SysAid Helpdesk 8.5 Pro SQL Injection Vulnerability

SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities. ======= Summary ======= Name: SysAid Helpdesk Pro - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00241 Discoverer: Daniel Compton Vendor: SysAid Vendor Reference: Systems Affected...

8.3AI score
Exploits0
Prion
Prion
added 2012/09/16 10:34 a.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the ISE Administrator user interface aka the Apache Tomcat interface on Cisco Identity Services Engine ISE 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators,...

6.8CVSS7.7AI score0.00643EPSS
Exploits0References4Affected Software2
0day.today
0day.today
added 2012/08/31 12:0 a.m.27 views

Eventy CMS v1.8 Plus Multiple Vulnerabilities

Exploit for php platform in category web applications Eventy CMS v1.8 Plus - Multiple Web Vulnerablities Introduction: ============= Publish Your Events In Online Calendar. Eventy Is Beautiful And Easy To Use Web Based Event Calendar Software Publish events like parties, courses, meetings,...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/12/20 12:0 a.m.4 views

Symantec IM Manager Administrator Interface SQL injection (CVE-2011-0553)

Symantec IM Manager is a software-based proxy to secure, manage, and log IM messages for enterprise and public IM protocols. It provides real-time threat protection against IM viruses, worms, and other types of attacks delivered through IM messages. An SQL injection vulnerability has been reporte...

7.5CVSS7.7AI score0.01854EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2011/03/01 10:42 p.m.5 views

mailman: XSS triggerable by list administrator

Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...

4.3CVSS6.1AI score0.01919EPSS
Exploits0References4
NVD
NVD
added 2010/12/22 9:0 p.m.22 views

CVE-2010-3905

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...

7.5CVSS7AI score0.02863EPSS
Exploits0References8
Cvelist
Cvelist
added 2010/12/22 8:0 p.m.25 views

CVE-2010-3905

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...

6.9AI score0.02863EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2010/12/16 12:0 a.m.30 views

CVE-2010-3905

The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users...

7.5CVSS5.9AI score0.02863EPSS
Exploits0References2
Prion
Prion
added 2010/11/12 10:0 p.m.19 views

Session fixation

Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID aka SID value...

6.8CVSS7AI score0.01188EPSS
Exploits1References4Affected Software1
htbridge
htbridge
added 2010/09/20 12:0 a.m.24 views

Multiple Vulnerabilities in Elxis CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Elxis CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerabilities in Elxis CMS The vulnerability exists due to input sanitation error in the...

7.5CVSS7.5AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2010/07/09 12:0 a.m.17 views

dotDefender 3.8-5 - Remote Code Execution (via Cross-Site Scripting)

dotDefender 3.8-5 - Remote Code Execution via Cross-Site Scripting / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/12/23 12:0 a.m.33 views

SQL-Ledger 'admin.pl' Empty Credentials

The remote web server is hosting SQL-Ledger, a web-based double-entry accounting system. The installed version does not require credentials to access the administrator interface. Note that the installed version is potentially affected by several other vulnerabilities, though Nessus has not tested...

7.5CVSS5.5AI score0.01391EPSS
Exploits0References2
Prion
Prion
added 2009/08/18 9:0 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...

4.3CVSS5.7AI score0.07905EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2009/08/18 9:0 p.m.20 views

CVE-2009-2851

Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...

4.3CVSS5.4AI score0.07905EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2009/08/18 8:41 p.m.18 views

CVE-2009-2851

Cross-site scripting XSS vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL...

4.3CVSS4.6AI score0.07905EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.27 views

Mandriva Linux Security Advisory : mailman (MDVSA-2008:061)

Multiple cross-site scripting XSS vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list's info attribute in the web administrator interface. The updated packages have been patched to...

4.3CVSS5.6AI score0.01919EPSS
Exploits0References1
Rows per page
Query Builder