CVE-2019-1863

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker coul...

Input validation

A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...

Authentication flaw

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...

CVE-2019-1970 Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS protocol inspection engine of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors...

Cross site request forgery (csrf)

An issue was discovered in PrinterOn Central Print Services CPS through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request...

Schneider Electric Modicon Multiple Authentication Bypass Vulnerabilities (CVE-2018-7809; CVE-2018-7810; CVE-2018-7811)

Multiple authentication bypass vulnerabilities exist in Schneider Electric Modicon. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation results in the attacker being able to change the password for...

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...

CVE-2019-13086

core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...

CVE-2019-1619

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session...

Spoofing

A vulnerability in the vManage web-based UI Web UI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

CVE-2019-1626 Cisco SD-WAN Solution Privilege Escalation Vulnerability

A vulnerability in the vManage web-based UI Web UI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An...

IBM API Connect Information Disclosure Vulnerability (CNVD-2019-18508)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.6 iFix 1. An...

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

Sql injection

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

CVE-2019-1824 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

CVE-2019-1825 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplie...

The vulnerability of the session management function in the web interface of Cisco microprogramming software for routers of the Small Business RV320 and RV325 series allows a hacker to gain control over an existing user session.

The vulnerability of the session management function in Cisco microprogramming system routers of the Small Business RV320 and RV325 series is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain control over...

Session fixation

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated...

CVE-2019-3935

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows...

CVE-2019-11217

The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request...