221 matches found
CVE-2019-10060
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...
Buffer overflow
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...
CVE-2019-10060
The CVE-2019-10060 issue affects Verix Multi-app Conductor for Verifone Verix (version 2.7). The vulnerability is a buffer overflow in a configuration key value that enables arbitrary code execution and requires the attacker to download files to the device. Several connected sources (Red Hat, CNV...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ version 8 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details: If you run your own Java code using the...
The vulnerability in the web interface of software for Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server allows a perpetrator to compromise the integrity of protected information.
The vulnerability of the software web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server lies in insufficiently checking incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...
CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...
CVE-2019-1679
Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) REST API are affected by CVE-2019-1679 due to insufficient access controls, enabling an authenticated, remote attacker to trigger an HTTP request from the vulnerable server to an arbitra...
PT-2019-1382 · Cisco · Cisco Telepresence Video Communication Server +2
Name of the Vulnerable Software and Affected Versions: Cisco TelePresence Conductor versions prior to XC4.3.4; Cisco Expressway Series versions prior to XC4.3.4; Cisco TelePresence Video Communication Server versions prior to XC4.3.4. Description: The issue is related to insufficient access controls...
Security Bulletin: Vulnerability in Apache Commons FileUpload DiskFileItem File Manipulation affects IBM Spectrum Conductor with Spark 2.2.0 (CVE-2016-1000031)
Summary: A security vulnerability relating to remote code execution (CVE-2016-1000031) has been reported against Apache Commons FileUpload DiskFileItem File Manipulation, which IBM Spectrum Conductor with Spark 2.2.0 uses as a framework for some services. Commons FileUpload 1.3.3 addresses this...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Conductor with Spark
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Spectrum Conductor with Spark. These issues were disclosed as part of the IBM Java updates in January 2018. Vulnerability Details: CVEID: CVE-2018-2579. DESCRIPTION: An unspecified vulnerability in Oracle Ja...
Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611)
Summary: Several security vulnerabilities, CVE-2017-9787 (S2-049), CVE-2017-9804 (S2-050) and CVE-2017-12611 (S2-053), have been reported against Apache Struts 2, which IBM Spectrum Conductor with Spark uses as a framework for its WEBGUI service. Struts 2.3.34 addresses these vulnerabilities and can be applied...
Cisco Expressway Series, Cisco TelePresence Video Communication Server, and Cisco TelePresence Conductor REST API Denial of Service Vulnerability
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software, Cisco TelePresence Video Communication Server (VCS) Software, and Cisco TelePresence Conductor Software could allow an authenticated, remote attacker to cause the CDB process on an affected system ...
The vulnerability of the microprogramming software of the Cisco TelePresence Conductor conference call control device allows an intruder to gain access to the device.
The vulnerability of the control interface for microprogramming-based conference communication devices like Cisco TelePresence Conductor is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device using a...
Design/Logic Flaw
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408...
CVE-2015-0747
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408...
CVE-2015-0747
CVE-2015-0747 affects Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release. A remote attacker can inject arbitrary cookies by sending a crafted HTTP request due to improper input validation of an HTTP header, potentially taking control of an HTTP session. Cisco’s advisory confirms ...
Cisco Conductor for Videoscape and Cisco Headend System Release HTTP Injection Vulnerability
A vulnerability in the Cisco Conductor for Videoscape and Cisco Headend System Releases could allow an unauthenticated, remote attacker to inject arbitrary HTTP cookies via an HTTP request. The vulnerability is due to improper input validation of an HTTP request header. An attacker could exploit...
Cisco TelePresence Conductor Login Security Bypass Vulnerability
According to its self-reported version number, the Cisco TelePresence Conductor on the remote host contains a vulnerability due to inadequate validation of parameters passed during the login process. A remote attacker, using a crafted request and knowledge of a valid user name, can bypass...