Lucene search
+L

208 matches found

prion
prion
added 2015/07/14 2:59 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the ccmivr page in Cisco Unified Communications Manager formerly CallManager 10.52.10000.5 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580...

4.3CVSS5.9AI score0.01546EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2015/06/12 10:0 a.m.29 views

CVE-2015-0737

Multiple cross-site scripting XSS vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted 1 GET or 2 POST parameter, aka Bug ID CSCuu11099...

5.7AI score0.01546EPSS
Exploits0References2
nvd
nvd
added 2015/04/17 1:59 a.m.26 views

CVE-2015-0938

search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter...

5CVSS6.7AI score0.01462EPSS
Exploits0References2
nvd
nvd
added 2015/04/08 6:59 p.m.24 views

CVE-2015-0248

The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...

5CVSS6.1AI score0.12841EPSS
Exploits0References13
debiancve
debiancve
added 2015/04/08 6:0 p.m.26 views

CVE-2015-0248

The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...

5CVSS6.2AI score0.12841EPSS
Exploits0
nvd
nvd
added 2015/03/09 2:59 p.m.19 views

CVE-2015-2092

The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...

7.5CVSS7.6AI score0.02788EPSS
Exploits0References2
prion
prion
added 2015/02/27 2:59 a.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in zencart-ja aka Zen Cart Japanese edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/initincludes/initsanitize.php and...

4.3CVSS6AI score0.02188EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2015/02/27 2:0 a.m.22 views

CVE-2015-0882

Multiple cross-site scripting XSS vulnerabilities in zencart-ja aka Zen Cart Japanese edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/initincludes/initsanitize.php and...

5.7AI score0.02188EPSS
Exploits0References4
cvelist
cvelist
added 2014/11/21 2:0 a.m.27 views

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

7.7AI score0.01051EPSS
Exploits1References1
exploitpack
exploitpack
added 2014/08/28 12:0 a.m.20 views

PhpWiki - Remote Command Execution

PhpWiki - Remote Command Execution / / / / / / // / / / / / / / \ | /| / / / /// / / / // / // / / // / / / / // / |/ |/ / / ,&2;'+cmd+' 1&2;echo ':::'123 1&2;" -prefab= -csmap= data= alt= help= ','editpreview','Preview','action','edit' cmd1 = urllib2.Requestdomain +'/index.php/HeIp',data cmd2...

0.2AI score
Exploits0
prion
prion
added 2014/07/26 11:11 a.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.02.8 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060...

4.3CVSS5.9AI score0.01488EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2014/07/19 7:55 p.m.16 views

CVE-2014-3325

Multiple cross-site scripting XSS vulnerabilities in Cisco Unified Customer Voice Portal CVP allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733...

4.3CVSS5.7AI score0.01372EPSS
Exploits0References3
prion
prion
added 2014/07/19 7:55 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Unified Customer Voice Portal CVP allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733...

4.3CVSS6AI score0.01372EPSS
Exploits0References3
prion
prion
added 2014/07/10 11:6 a.m.17 views

Design/Logic Flaw

The Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297...

4CVSS6.6AI score0.01805EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2014/07/10 10:0 a.m.20 views

CVE-2014-3316

The Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297...

6.2AI score0.01805EPSS
Exploits0References6
cvelist
cvelist
added 2014/06/13 2:0 p.m.25 views

CVE-2013-4099

Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the 1 alAuxiliaryEffectSlotf1, 2 alBuffer3f1, 3 alBufferfv1, 4 alDeleteEffects1, 5 alEffectf1, 6 alEffectfv1, 7...

7.6AI score0.03106EPSS
Exploits1References4
prion
prion
added 2014/06/10 11:19 a.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance ESA 8.0, Web Security Appliance WSA 8.0 .5 Hot Patch 1 and earlier, and Content Security Management Appliance SMA 8.3 and earlier allows remote attackers to inject arbitrary web...

4.3CVSS6AI score0.02426EPSS
Exploits4References8Affected Software1
cvelist
cvelist
added 2014/06/10 10:0 a.m.28 views

CVE-2014-3289

Cross-site scripting XSS vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance ESA 8.0, Web Security Appliance WSA 8.0 .5 Hot Patch 1 and earlier, and Content Security Management Appliance SMA 8.3 and earlier allows remote attackers to inject arbitrary web...

5.5AI score0.02426EPSS
Exploits4References8
checkpoint_advisories
checkpoint_advisories
added 2014/03/16 12:0 a.m.10 views

Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)

There exists an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value resulting in the CGI...

3.7AI score0.59546EPSS
Exploits0
nvd
nvd
added 2014/02/15 2:57 p.m.31 views

CVE-2013-6167

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...

6.8CVSS6.2AI score0.01636EPSS
Exploits0References5
Rows per page
Query Builder