177 matches found

BDU FSTEC
added 2016/06/17 12:0 a.m. | 1 views

The vulnerability of the Cisco Unified Computing System Central’s centralized device management system allows an intruder to inject arbitrary Web or HTML code.

The vulnerability of the control interface of the Cisco Unified Computing System Central device exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code by entering special parameters...

CVSS 4.3 | EPSS 0.0025
Exploits 0 | References 2
BDU FSTEC
added 2016/04/19 12:0 a.m. | 2 views

DNS BIND server vulnerability, allowing attackers to cause service failures

The vulnerability of the BIND DNS server component exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause service failures—such as the appearance of an “Assertion Failure” error and the termination of the daemon—by using a specially...

CVSS 4.3 | EPSS 0.68972
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2016/01/07 12:0 a.m. | 1 views

Ganeti RESTful Control Interface Denial of Service Vulnerability

Ganeti is a suite of virtual machine management software based on Xen Virtual Machine Manager and other open source software. The software supports Xen virtualization technology, disk management and more. A denial of service vulnerability exists in Ganeti. A remote attacker could exploit this...

CVSS 7.5 | AI score 6.6 | EPSS 0.18955
Exploits 4 | References 1
NVD
added 2015/01/21 3:17 p.m. | 8 views

CVE-2014-3440

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

CVSS 9 | AI score 7.1 | EPSS 0.00842
Exploits 0 | References 3
Prion
added 2015/01/21 3:17 p.m. | 10 views

Design/Logic Flaw

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

CVSS 9 | AI score 7.7 | EPSS 0.00842
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2015/01/21 11:0 a.m. | 20 views

CVE-2014-3440

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

AI score 8.7 | EPSS 0.00842
Exploits 0 | References 3
OpenVAS
added 2014/07/04 12:0 a.m. | 23 views

RedHat Update for qemu-kvm RHSA-2014:0704-01

The remote host is missing an update for the...

CVSS 7.2 | AI score 7.1 | EPSS 0.0011
Exploits 0 | References 2
seebug.org
added 2014/07/01 12:0 a.m. | 17 views

Dell TrueMobile 2300 Remote Credential Reset Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...

AI score 7.1
Exploits 0
NVD
added 2014/01/29 6:34 p.m. | 15 views

CVE-2014-0680

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038...

CVSS 4.3 | AI score 5.6 | EPSS 0.00532
Exploits 0 | References 6
Prion
added 2014/01/29 6:34 p.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038...

CVSS 4.3 | AI score 6 | EPSS 0.00532
Exploits 0 | References 6
Cisco
added 2014/01/29 6:16 p.m. | 31 views

Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability

A vulnerability in the HTTP control interface for NAC Web Agent of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

CVSS 4.3 | AI score 5.8 | EPSS 0.00532
Exploits 0 | References 1
Cvelist
added 2014/01/29 4:0 p.m. | 17 views

CVE-2014-0680

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038...

AI score 5.6 | EPSS 0.00532
Exploits 0 | References 6
RedHat Linux
added 2011/05/31 2:3 p.m. | 3 views

kernel: drivers/scsi/mpt2sas: prevent heap overflows

drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from...

CVSS 7.2 | AI score 6.1 | EPSS 0.00129
Exploits 1 | References 4
securityvulns
added 2008/06/27 12:0 a.m. | 40 views

[Full-disclosure] Secunia Research: Motion "read_client()" HTTP Request Buffer Overflow

Secunia Research 23/06/2008 - Motion "read_client()" HTTP Request Buffer Overflow - Table of Contents Affected...

AI score 1.4
Exploits 0
UbuntuCve
added 2008/06/13 6:41 p.m. | 17 views

CVE-2008-2654

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and...

CVSS 10 | AI score 6.4 | EPSS 0.0746
Exploits 1 | References 1
NVD
added 2008/06/13 6:41 p.m. | 7 views

CVE-2008-2654

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and...

CVSS 10 | AI score 7.9 | EPSS 0.0746
Exploits 1 | References 13
Debian CVE
added 2008/06/13 6:0 p.m. | 29 views

CVE-2008-2654

Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and...

CVSS 10 | AI score 7.8 | EPSS 0.0746
Exploits 1