Cisco Access Control System Cross-Site Scripting Vulnerability
The Cisco Secure Access Control System (ACS) is an access policy control platform. A vulnerability in the web management interface of Cisco Secure ACS allows remote attackers to inject malicious script or HTML code, which can be used to...
Cisco Access Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. SPDX-FileCopyrightText: 2017 Greenbone ...
Cisco Access Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficien...
Siemens SIMATIC Logon
CVSS v3 5.3. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC Logon. Vulnerability: Out-of-Bounds Write. AFFECTED PRODUCTS: Siemens reports that the vulnerability affects the following SIMATIC Logon products: SIMATIC Logon: All versions prior to V1.6. IMPA...
Siemens SIPROTEC 4 and SIPROTEC Compact
CVSS v3 8.6. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens. Equipment: SIPROTEC 4 and SIPROTEC Compact. Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication. AFFECTED PRODUCTS: Siemens reports that the vulnerabilities affect the...
OSIsoft PI Server 2017
CVSS v3 8.9. ATTENTION: Remotely exploitable. Vendor: OSIsoft. Equipment: PI Server 2017. Vulnerabilities: Improper Authentication. AFFECTED PRODUCTS: OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT: Successful exploitatio...
Cisco Releases Security Updates
Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary...
Git: Security bypass
Background: Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description: Timo Schmid discovered that the Git restricted shell incorrectly filtered allowed commands. Impact: A remote attacker...
Hanwha Techwin SRN-4000
CVSS v3 9.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Hanwha Techwin. Equipment: SRN-4000. Vulnerability: Unauthenticated Access. AFFECTED PRODUCTS: The following versions of SRN-4000, a network video management platform, are affected: SRN-4000 firmware versions prior to...
Advantech B+B SmartWorx MESR901
CVSS v3 9.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech B+B SmartWorx. Equipment: MESR901. Vulnerability: Use of Client-Side Authentication. AFFECTED PRODUCTS: The following versions of MESR901, a Modbus gateway, are affected: MESR901 firmware versions 1.5.2 and prio...
Wecon Technologies LEVI Studio HMI Editor
CVSS v3 8.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Wecon Technologies. Equipment: LEVI Studio HMI Editor. Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow. AFFECTED PRODUCTS: The following versions of LEVI Studio HMI Editor, an HMI programming...
Microsoft Windows Monthly Rollup (KB4015549)
This host is missing a monthly rollup according to Microsoft security update KB4015549. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2017-3840
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.82.5...
CVE-2017-3839
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases:...
CVE-2017-3838
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.82.5...
CVE-2017-3840
CVE-2017-3840 is an open redirect vulnerability in the web interface of Cisco Secure Access Control System (ACS). An unauthenticated remote attacker could cause a user to be redirected to a malicious URL due to improper input validation of HTTP parameters. The issue affects Cisco ACS and is docume...
CVE-2017-3839
CVE-2017-3839 is an XML External Entity (XXE) vulnerability in the web UI of Cisco Secure Access Control System (ACS). An unauthenticated, remote attacker could read part of the information stored on the affected device. Root cause: improper handling of XML entities in the web framework. Affected releas...