208 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the ccmivr page in Cisco Unified Communications Manager formerly CallManager 10.52.10000.5 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580...
CVE-2015-0737
Multiple cross-site scripting XSS vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted 1 GET or 2 POST parameter, aka Bug ID CSCuu11099...
CVE-2015-0938
search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter...
CVE-2015-0248
The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...
CVE-2015-0248
The 1 moddavsvn and 2 svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service assertion failure and abort via crafted parameter combinations related to dynamically evaluated revision numbers...
CVE-2015-2092
The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in zencart-ja aka Zen Cart Japanese edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/initincludes/initsanitize.php and...
CVE-2015-0882
Multiple cross-site scripting XSS vulnerabilities in zencart-ja aka Zen Cart Japanese edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/initincludes/initsanitize.php and...
CVE-2014-8388
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...
PhpWiki - Remote Command Execution
PhpWiki - Remote Command Execution / / / / / / // / / / / / / / \ | /| / / / /// / / / // / // / / // / / / / // / |/ |/ / / ,&2;'+cmd+' 1&2;echo ':::'123 1&2;" -prefab= -csmap= data= alt= help= ','editpreview','Preview','action','edit' cmd1 = urllib2.Requestdomain +'/index.php/HeIp',data cmd2...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.02.8 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060...
CVE-2014-3325
Multiple cross-site scripting XSS vulnerabilities in Cisco Unified Customer Voice Portal CVP allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Cisco Unified Customer Voice Portal CVP allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733...
Design/Logic Flaw
The Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297...
CVE-2014-3316
The Multiple Analyzer in the Dialed Number Analyzer DNA component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297...
CVE-2013-4099
Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, as used in JOGAMP, allow context-dependent attackers to execute arbitrary code via a crafted parameter to the 1 alAuxiliaryEffectSlotf1, 2 alBuffer3f1, 3 alBufferfv1, 4 alDeleteEffects1, 5 alEffectf1, 6 alEffectfv1, 7...
Cross site scripting
Cross-site scripting XSS vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance ESA 8.0, Web Security Appliance WSA 8.0 .5 Hot Patch 1 and earlier, and Content Security Management Appliance SMA 8.3 and earlier allows remote attackers to inject arbitrary web...
CVE-2014-3289
Cross-site scripting XSS vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance ESA 8.0, Web Security Appliance WSA 8.0 .5 Hot Patch 1 and earlier, and Content Security Management Appliance SMA 8.3 and earlier allows remote attackers to inject arbitrary web...
Nagios core CGI Process_cgivars Off-By-One (CVE-2013-7108)
There exists an Off-By-One flaw in Nagios Core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value resulting in the CGI...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...