17 matches found
EUVD-2018-7323
Malware in sbrugna...
EUVD-2018-7322
Malware in sbrugna...
EUVD-2018-1291
Malware in sbrugna...
Cisco Energy Management Suite Default PostgreSQL Password Vulnerability
The version of Cisco Energy Management Suite installed on the remote host is prior to 5.2.3. It, therefore, potentially has a default password for the postgres account for the bundled PostgresSQL database. An unauthenticated, local attacker can exploit this to gain privileged or administrator...
The vulnerability in the web interface of the Cisco Energy Management Suite, related to incorrect restrictions on XML references to external objects (XXE), allows an attacker to disclose or modify sensitive information.
The vulnerability in the web interface of the Cisco Energy Management Suite relates to incorrect restrictions on XML references to external objects XXE. Exploiting this vulnerability could allow an attacker to disclose or modify sensitive information...
Design/Logic Flaw
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...
CVE-2018-0468
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...
CVE-2018-0468
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...
CVE-2018-0468
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...
Cisco Energy Management Suite Default PostgreSQL Password Vulnerability
A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite CEMS could allow an authenticated, local attacker to access and alter confidential data. The vulnerability is due to the installation of the PostgreSQL database with unchanged default...
The vulnerability in the web interface of the Cisco Energy Management Suite allows a perpetrator to perform cross-site fraudulently.
The vulnerability of the Cisco Energy Management Suite’s web interface relates to the lack of authentication for HTTP requests. Exploiting this vulnerability allows a remote attacker to perform cross-site fraudulently, and to carry out arbitrary actions on the vulnerable device under the user’s...
Cross site request forgery (csrf)
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2018-15445
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
CVE-2018-15444 Cisco Energy Management Suite XML External Entity Vulnerability
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entri...
CVE-2018-15445 Cisco Energy Management Suite Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Cisco Energy Management Suite XML External Entity Injection Vulnerability
Cisco Energy Management Suite is the United States Cisco Cisco company's set of energy management suite. The product is mainly used to manage network equipment such as energy management. An XML external entity injection vulnerability exists in the web-based user interface of the Cisco Energy...
Cisco Energy Management Suite Detection
Detection of Cisco Energy Management Suite. The script sends a connection request to the server and attempts to detect Cisco Energy Management Suite and to extract its version. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...