CVE-2016-1398
CVE-2016-1398 describes a buffer overflow in the web-based management interface of Cisco RV110W, RV130W, and RV215W routers. The vulnerability arises from improper sanitization of user-supplied input in HTTP requests used to configure the devices via the web UI, allowing an authenticated remote a...
CVE-2016-1289
The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID...
CVE-2016-1408
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488...
Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vulnerability
A vulnerability in the web interface of Cisco Prime Network Analysis Module (NAM) and Cisco Prime Virtual Network Analysis Module (vNAM) could allow an authenticated, remote attacker to execute arbitrary commands or code on the host operating system with the privileges of the web server. The...
CVE-2016-1363
Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0MD and 7.5 through 8.0 before 8.0.115.0ED allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCus25617...
CVE-2016-1362
Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747...
Design/Logic Flaw
Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCun86747...
Design/Logic Flaw
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547...
CVE-2016-1325
The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506...
CVE-2016-1359
Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494...
CVE-2016-2388
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846...
CVE-2016-1929
The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978...
CVE-2015-6417
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025...
CVE-2015-6368
Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608...
CVE-2015-6492
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request...
Cisco Email Security Appliance Format String Vulnerability
The Cisco Email Security Appliance (ESA) contains a vulnerability that could allow an unauthenticated, remote attacker to impact the integrity and availability of services and data on the affected device. The impact includes a partial denial of service (DoS). In addition, the attacker could override...
Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated, remote attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a...
Directory traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request...
Code injection
Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a...