CVE-2017-3838

Cisco Secure Access Control System (ACS) contains a DOM-based XSS vulnerability that could be exploited by an unauthenticated, remote attacker via the web interface. The issue arises from insufficient input validation of a user-supplied value and affects at least release 5.8(2.5). The CVE entry i...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability (CNVD-2017-02017)

Cisco Secure Access Control System ACS, is the core component of the TrustSec solution of the U.S. Cisco Cisco company, is able to provide RADIUS and TACACS + services of the policy management platform, is the realization of the enterprise network access policy and identity management platform. A...

Cisco Secure Access Control System Open Redirect Vulnerability

Cisco Secure Access Control System ACS, is the core component of the TrustSec solution of the U.S. Cisco Cisco company, is able to provide RADIUS and TACACS + services of the policy management platform, is the realization of the enterprise network access policy and identity management platform. A...

Cisco Secure Access Control System Information Disclosure Vulnerability (CNVD-2017-02014)

Cisco Secure Access Control System ACS, is the core component of the TrustSec solution of the U.S. Cisco Cisco company, is able to provide RADIUS and TACACS + services of the policy management platform, is the realization of the enterprise network access policy and identity management platform. A...

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting XSS attack against the user of the web interface of the affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to disclose sensitive information. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C ...

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be...

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are...

Cisco Secure Access Control System Open Redirect Vulnerability

A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit thi...

Cisco Secure Access Control System Cross-Site Scripting Vulnerability

A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity XXE wh...

CVE-2016-9345

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system...

CVE-2016-9345

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system...

SA141 : OpenSSL Vulnerabilities 26-Jan-2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...

[SECURITY] Fedora 24 Update: ikiwiki-3.20170111-1.fc24

Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...

SA136 : OpenSSH Vulnerabilities

SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...

German Industrial Giant Victim of Cyber Espionage

German industrial conglomerate ThyssenKrupp disclosed last week that technical trade secrets were stolen in a cyberattack that dates back to February. Adversaries, ThyssenKrupp said, engaged in “organized, highly professional hacker activities” and launched their attack from the Southeast Asian...

Design flaws in Microprocessor remote control smart lock system

Microprocessor remote control smart lock system is a smart card identification including proximity card, IC card, TM card, etc.. A design vulnerability exists in the Microprocessor Remote Control Lock Smart Lock System when used in conjunction with the Microprocessor WG2082 Mobile APP Door Lock...

SA135 : OpenSSL Vulnerabilities 10-Nov-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain SSL/TLS session key information. AFFECTED PRODUCTS The following products are vulnerable: Director -...