CVE-2019-15276

CVE-2019-15276: Cisco Wireless LAN Controller HTTP parsing DoS . The vulnerability affects Cisco WLC software (versions 8.4–8.9, 8.10 fixed) where the HTTP parsing engine fails to handle specially crafted URLs. An attacker with low privileges (or a user who can be lured to click a crafted URL) ca...

CVE-2019-1010191

marginalia 1.6 is affected by: SQL Injection. The impact is: The impact is a injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector...

CVE-2018-5492

NetApp E-Series SANtricity OS Controller Software 11.30 and later version 11.30.5 is susceptible to unauthenticated remote code execution...

Input validation

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVE-2018-0350

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVE-2018-0348

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to t...

Input validation

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

Input validation

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due t...

CVE-2018-0344

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient...

CVE-2018-0350

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVE-2018-0351

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...

CVE-2018-0349

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected...

CVE-2018-0252

A vulnerability in the IP Version 4 IPv4 fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. The...

CVE-2018-0130

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

CVE-2018-0130

CVE-2018-0130 affects Cisco Elastic Services Controller (ESC) Software Release 3.0.0. The issue arises from static default credentials used by the web-based service portal, allowing an unauthenticated, remote attacker to obtain an administrative session token and gain admin access. Exploitation i...

CVE-2018-0130

A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials f...

Xerox WorkCentre Multiple Unspecified Vulnerabilities (XRX10-003)

According to its model number and software version, the remote host is a Xerox WorkCentre device that is affected by multiple and as-yet unspecified vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid47106; scriptversion"1.7"; scriptcvsdate"Date:...

Xerox WorkCentre Multiple OpenSSL Vulnerabilities (XRX07-001)

According to its model number and software version, the remote host is a Xerox WorkCentre device that reportedly suffers from multiple issues in the ESS / Network Controller that could allow remote execution of arbitrary code on the affected device, initiation of denial of service attacks, and...

Hosting Controller 0.6.1 - User Registration (1)

Domain: Username: INP...