99 matches found
Input validation
Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco...
Cisco UCS Central Software Server Side Request Forgery Security Bypass / Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Computing System UCS Central software could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery SSRF or cross-site scripting XSS on a targeted system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...
Cisco UCS Central Detectioni (HTTP)
This Script performs HTTP based detection of Cisco UCS Central SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Cisco UCS Central Version Detection
This Script consolidate the via SSH or HTTPs detected version of Cisco UCS Central for later use. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Cisco UCS Central Detection (SSH)
'This script performs SSH based version detection of Cisco UCS Central SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.
The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...
Cisco UCS Central Software Cross-Site Scripting Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated remote attacker induces a user to click ...
Cisco UCS Central Software Server-Side Request Forgery Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated, remote attacker sends constructed...
Server side request forgery (ssrf)
Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...
CVE-2015-6387
The CVE-2015-6387 entry refers to a cross-site scripting (XSS) vulnerability in Cisco UCS Central Software (version 1.3(0.1)). The root cause is insufficient input validation in the web interface, allowing an unauthenticated/remote attacker to inject arbitrary script or HTML via a crafted URL. Im...
CVE-2015-6388
Cisco Unified Computing System UCS Central software 1.30.1 allows remote attackers to conduct server-side request forgery SSRF attacks via a crafted request, aka Bug ID CSCux33575...
Cisco UCS Central Software Directory Traversal Vulnerability
Cisco UCS Central Software is the United States of America Cisco Cisco, a combination of computing, virtualization and networking in one software platform. A directory traversal vulnerability in Cisco UCS Central Software allows remote attackers to read arbitrary files via a crafted HTTP request...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
Command injection
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4286
The web framework in Cisco UCS Central Software 1.30.99 allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377...
CVE-2015-4286
CVE-2015-4286 affects Cisco UCS Central Software (web framework) 1.3(0.99). A directory traversal vulnerability allows an unauthenticated, remote attacker to read arbitrary files by sending a crafted HTTP request. Root cause cited as improper input validation. Impact is exposure of sensitive info...
Cisco UCS Central Software File Access Vulnerability
A vulnerability in the web framework of the Cisco UCS Central Software could allow an unauthenticated, remote attacker to download arbitrary files from a targeted device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
The vulnerability of the Cisco UCS Central device’s centralized management system allows a hacker to execute arbitrary code.
The vulnerability of the web-component of the Cisco UCS Central device management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted HTTP request from a remote location...
The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to gain privileges necessary to execute operating system commands.
The vulnerability of the Cisco UCS Central device management system exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain privileges necessary to execute...