51 matches found
CVE-2023-20184 Cisco DNA Center Software API Vulnerabilities
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...
PT-2022-24440 · Msi · Msi Center
Name of the Vulnerable Software and Affected Versions: MSI Center version 1.0.50.0 Description: The issue allows attackers to escalate privileges via running a crafted executable, exploiting a vulnerability in the component C Features of MSI.CentralServer.exe. Recommendations: For version 1.0.50....
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface do...
CVE-2021-1257
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...
CVE-2021-1257
CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...
CVE-2020-3448
A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control...
Sql injection
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
Intel Data Center Migration Center Software software installer DLL injection vulnerability
Intel Data Center Migration Center Software is a set of data center migration software from Intel Corporation in the U.S. The software installer is its installer. A DLL injection vulnerability exists in the software installer in Intel Data Center Migration Center Software 3.1 and earlier versions...
Design/Logic Flaw
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access...
CVE-2018-12160
CVE-2018-12160 is a DLL injection vulnerability in Intel Data Center Migration Center Software installer (v3.1 and earlier). The issue allows an authenticated local user to execute code with default directory permissions due to improper installer permissions. Affected product/versions: Intel Data...
Authentication flaw
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
Cisco NX-OS System Software Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-36141)
Cisco Nexus 5000 Series Switches are the Cisco Nexus series of data center-class switches from Cisco, Inc.Cisco NX-OS System Software is the data center operating system that runs on them. A command injection vulnerability exists in the CLI of Cisco NX-OS System Software in multiple Cisco product...
CVE-2017-12248
CVE-2017-12248 concerns Cisco Unified Intelligence Center Software. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in the web framework code, allowing an unauthenticated, remote attacker to craft a malicious link or intercept a user request to inje...
CVE-2015-2608
Unspecified vulnerability in 1 the Oracle Communications Diameter Signaling Router DSR component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; 2 the Oracle Communications Performance Intelligence Center Software component in...
VCE Vision Intelligent Operations Information Disclosure Vulnerability (CNVD-2015-03961)
VCE Vision Intelligent Operations is a suite of data center software from VCE that supports data centers across multiple systems. The software provides converged infrastructure management, system health checks, and more. An information disclosure vulnerability exists in VCE Vision Intelligent...
HP Info Center ActiveX Control Multiple Remote Vulnerabilities
The remote host contains the HP Quick Launch Button software, part of the HP Info Center software installed by default on many HP and Compaq laptop models. The version of this software on the remote host includes an ActiveX control that reportedly contains three insecure methods - 'GetRegValue',...
CVE-2006-7145
edituser.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified userid parameter...
CVE-2006-7143
Cross-site scripting XSS vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field...
CVE-2006-7144
SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page...