Lucene search
K

9527 matches found

Cvelist
Cvelist
added 2013/03/07 8:0 p.m.24 views

CVE-2013-1153

Cross-site request forgery CSRF vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...

7.2AI score0.00576EPSS
Exploits0References1
CVE
CVE
added 2013/03/07 8:0 p.m.64 views

CVE-2013-1153

Cisco Prime Infrastructure suffers a CSRF vulnerability in its web interface (CVE-2013-1153). An unauthenticated, remote attacker could trick a user into submitting arbitrary requests to the device with the user’s privileges. Cisco’s advisory notes that software updates are not available to remed...

6.8CVSS7.4AI score0.00576EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2013/03/07 12:55 a.m.21 views

CVE-2012-5053

Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01148EPSS
Exploits0References3
Prion
Prion
added 2013/03/07 12:55 a.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01148EPSS
Exploits0References3
CVE
CVE
added 2013/03/07 12:0 a.m.53 views

CVE-2012-5053

CVE-2012-5053 affects Trimble Infrastructure GNSS Series Receivers: NetR3/NetR5/NetR8/NetR9 vulnerable in their Receiver Web User Interface prior to firmware 4.70, and NetRS prior to 1.3-2. The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary HTML/script...

4.3CVSS5.8AI score0.01148EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2013/03/07 12:0 a.m.20 views

CVE-2012-5053

Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01148EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2013/03/06 9:32 p.m.10 views

Groundbreaking Cyber Fast Track Research Program Ending

VANCOUVER–When Peiter Zatko, the security researcher and pioneering hacker known as Mudge, joined the federal government several years ago to help run a DARPA research program, some in the security industry wondered what effect someone with his background could have in an organization as famously...

7.2AI score
Exploits0References3
Cisco
Cisco
added 2013/03/06 9:15 p.m.26 views

Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

4.3CVSS3.5AI score0.00576EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/02/27 4:58 p.m.7 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Update Infrastructure 2.1.1 bug fix update

Updated Red Hat Update Infrastructure 2.1.1 packages that fix several bugs are now available. Red Hat Update Infrastructure RHUI is a collection of technologies that offers cloud providers the ability to easily deploy Red Hat solutions into their environments. The rh-rhui-tools package has a seri...

2.1CVSS6.5AI score0.00361EPSS
Exploits0References24
ThreatPost
ThreatPost
added 2013/02/26 7:43 p.m.11 views

RSA Conference 2013: Experts Say It's Time to Prepare for a 'Post-Crypto' World

SAN FRANCISCO–In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are...

7.1AI score
Exploits0References4
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.76 views

[USN-1734-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS1AI score0.04863EPSS
Exploits1
ThreatPost
ThreatPost
added 2013/02/21 4:25 p.m.9 views

Markey: GRID Act Passage Long Overdue

Representative Ed Markey D-MA is urging the Chairman of the House Committee on Energy and Commerce, Fred Upton R-MI, to take immediate action toward passing the Grid Reliability and Infrastructure Defense GRID Act, which Markey calls a bipartisan bill aimed at hardening the nation’s electrical gr...

0.9AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2013/02/20 12:0 a.m.16 views

EMC Data Protection Advisor Web UI Detection

The report web server is the Web UI for EMC Data Protection Advisor, an automated analysis and alerting system for backup and replication infrastructure. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid64702; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/25";...

5.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/02/14 4:28 p.m.9 views

CAs Form New Alliance to Focus on Security Issues, Education

A group of large certificate authorities, including some that have been the victims of recent compromises of their CA systems, have formed an alliance designed to develop strategies for strengthening the CA infrastructure through education and industry initiatives. Comodo, DigiCert, Entrust,...

1.8AI score
Exploits0References7
The Coalfire Blog
The Coalfire Blog
added 2013/02/14 3:23 p.m.10 views

White House Executive Order on Cyber Security

The tense standoff between an unresponsive Congress and a reluctant critical infrastructure industry has been broken. On February 13, 2013, the President issued an Executive Order that provides initial guidance for the country to confront escalating cyber threats. Finally, we have someone with th...

1.3AI score
Exploits0
ThreatPost
ThreatPost
added 2013/02/13 8:19 p.m.34 views

Vulnerability Patched in Schneider Electric ICS Gear

The Industrial Control System CERT released an advisory this week warning of a vulnerability in a popular sensor monitoring system used in a number of critical industries, including energy, water and manufacturing. Aaron Portnoy of Exodus Intelligence discovered the flaw in the Windows-based...

10CVSS7.4AI score0.21527EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2013/02/13 5:5 p.m.12 views

GAO: FCC Network Fortification Project Fails

The Government Accountability Office has determined that the Federal Communications Commission failed to properly implement necessary security controls in the initial phases of its Enhanced Secured Networks project, and, as a result, FCC data remains vulnerable to “unnecessary risk of inadvertent...

1.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/02/13 4:36 p.m.15 views

Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives

The executive order that President Barack Obama signed yesterday in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in...

0.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/02/12 5:59 p.m.8 views

Obama Cybersecurity Executive Order Expected Tomorrow

This week figures to be a high-profile time for cybersecurity on Capitol Hill. Reports say President Barack Obama will issue a long-awaited executive order shortly after tonight’s State of the Union address, while another stab at getting the controversial CISPA cybersecurity bill signed into law...

7.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2013/02/05 5:23 p.m.12 views

SCADA, ICS Bug Brokering Mirrors IT Vulnerability Market

SAN JUAN, Puerto Rico – The world of SCADA and industrial control system vulnerabilities is starting to mirror that of IT security, not only in the demonstration and exploitation of zero-day vulnerabilities, but in the brokering of flaws and exploits between hackers and organizations interested i...

0.2AI score
Exploits0References2
Rows per page
Query Builder