869 matches found
CVE-2013-3439
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...
CVE-2013-3439
The CVE-2013-3439 issue affects Cisco Unified Operations Manager and is described as an HTTP header injection vulnerability that permits cross-site scripting (XSS) via a crafted URL. The root cause is improper validation of application URLs in the web interface, enabling an unauthenticated or rem...
CVE-2013-3440
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186...
CVE-2013-3440
Cisco Unified Operations Manager’s administrative web interface contains multiple XSS vulnerabilities (CVE-2013-3440) due to improper input validation and weak cookie protections. An unauthenticated, remote attacker could lure a user to a crafted URL to execute arbitrary script or hijack sessions...
Cisco Unified Operations Manager Cross-Site Scripting Vulnerability
Vulnerabilities in the administrative web interface of Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to execute cross-site scripting attacks or hijack user sessions. The vulnerabilities are due to a failure to properly validate user-supplied input as well as...
SQL injection
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179...
Cisco Unified Operations Manager HTTP Header Injection Vulnerability
A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...
CVE-2013-3437
Cisco Unified Operations Manager (UOM) suffers a SQL injection vulnerability in the management application (Bug CSCud80179). An authenticated remote attacker can submit crafted input via an entry field to execute arbitrary SQL commands. The issue stems from improper validation of user-supplied in...
Cisco Unified Operations Manager SQL Injection Vulnerability
A vulnerability in the management application of the Cisco Unified Operations Manager could allow an authenticated, remote attacker to execute arbitrary Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 a...
CVE-2013-3416
CVE-2013-3416 describes an XSS vulnerability in the web framework of Cisco Unified Operations Manager and Unified Service Monitor. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via an unspecified parameter in the web interface. Cisco’s advisory confir...
CVE-2013-3416
Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 a...
CVE-2013-4095
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a command.value field in conjunction with an arguments.value field...
CVE-2013-4093
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...
Design/Logic Flaw
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the jpassword parameter to...
Design/Logic Flaw
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...
Design/Logic Flaw
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) privatekey or (2) publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...