CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
PT-2024-1685 · Cisco · Cisco Expressway Series +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server (affected versions not specified). Description: A vulnerability in the SOAP API could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSR...
Cross site scripting
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...
CVE-2024-1215
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...
CVE-2024-1215 SourceCodester CRUD without Page Reload fetch_data.php cross site scripting
A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched...
CVE-2024-1215
CVE-2024-1215 affects SourceCodester CRUD without Page Reload 1.0. The vulnerability resides in fetch_data.php where manipulating the username or city parameter triggers a cross-site scripting (XSS) issue. Exploitation can be performed remotely, and public PoCs/claims exist. The issue is tied to ...
Cisco IOS XE Software Layer 2 Tunneling Protocol DoS (cisco-sa-ios-xe-l2tp-dos-eB5tuFmV)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device...
Cisco Small Business Security Vulnerabilities
Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in Cisco Small Business that stems from incorrect ACL handling on the stack configuration when the primary or standby switch undergoes a full stack reload or power cycle...
PT-2024-1298 · Cisco · Cisco Business 350 Series Managed Switches +1
Name of the Vulnerable Software and Affected Versions: Cisco Business 250 Series Smart Switches (affected versions not specified); Cisco Business 350 Series Managed Switches (affected versions not specified). Description: A vulnerability with the access control list (ACL) management within a stacked swit...
GHSA-PXMR-Q2X3-9X9M Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
PT-2023-8393 · Nginx-Ui · Nginx-Ui
Name of the Vulnerable Software and Affected Versions: Nginx-ui versions prior to 2.0.0.beta.9. Description: The issue is related to the Nginx UI server, where the API exposes certain settings such as test config cmd, reload cmd, and restart cmd, which can be modified by sending a request to the...
Important: firefox
Issue Overview: A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was...
Rockwell Automation Stratix Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak (CVE-2016-1350)
A vulnerability in the Session Initiation Protocol (SIP) gateway implementation in Cisco IOS, IOS XE, and Cisco Unified Communications Manager Software could allow an unauthenticated, remote attacker to cause a memory leak and eventual reload of an affected device. The vulnerability is due to...
Rockwell Automation Stratix 5900 Improper Input Validation (CVE-2014-2109)
A vulnerability in the TCP Input module of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of the affected device which could lead to a denial of service (DoS) condition. The vulnerability is due to the way certain sequences of TCP packets are...
Rockwell Automation Stratix Cisco IOS Software IPsec Denial of Service (CVE-2014-3299)
A vulnerability in IPsec processing of Cisco IOS Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec...
Rockwell Automation Stratix Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service (CVE-2016-6381)
A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of...
Rockwell Automation Stratix Industrial Managed Ethernet Switch Improper Input Validation (CVE-2018-0173)
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...
Rockwell Automation Stratix Cisco IOS and IOS XE Software DNS Forwarder Denial of Service (CVE-2016-6380)
A vulnerability in the DNS forwarder functionality of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, corrupt the information present in the device's local DNS cache, or read part of the process memory. The vulnerability is due to a fla...