330 matches found
CVE-2017-6668
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...
CVE-2017-6668
CVE-2017-6668 affects the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM). The issue is an SQL Injection caused by insufficient validation of user-supplied input in HTTP request parameters, allowing an authenticated, remote attacker to impact confidentiality by executing arbi...
CVE-2017-6618
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker cou...
CVE-2017-6616
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are...
CVE-2017-6619
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP inpu...
CVE-2017-6617
Cisco IMC (Integrated Management Controller) 3.0(1c) Web GUI is vulnerable to session hijacking due to not issuing a new session identifier after user authentication. An unauthenticated, remote attacker could reuse a hijacked session to access an authenticated user’s browser session. This is docu...
CVE-2017-3831
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for...
Ubiquiti Inc.: [EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users
The researcher found a privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). OS command injection i...
Picosafe Web Gui - Multiple Vulnerabilities
Exploit for php platform in category web applications - Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page :...
Picosafe Web GUI - Multiple Vulnerabilities
Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page : picosafewebgui/webinterface/js/filemanager/filemanager.php Remote...
Picosafe Web GUI - Multiple Vulnerabilities
Picosafe Web GUI - Multiple Vulnerabilities - Title : Picosafe Web Gui - Multiple Vulnerabilities - Author : Shahab Shamsi - Vendor : https://github.com/embeddedprojects/picosafewebgui - Category : Webapps - Date : 01.October.2016 Vulnerable page :...
Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 XSS / Code Execution
Riverbed SteelCentral NetProfiler & NetExpress Multiple Vulnerabilities Affected versions: SteelCentral NetProfiler = 10.8.7 & SteelCentral NetExpress...
pfSense 2.3.1-RELEASE-p1 Squid 0.4.16_2 XSS / Log Manipulation
I. VULNERABILITY: Multiple vulnerabilities in squid 0.4.16_2 running on pfSense Version 2.3.1-RELEASE-p1 II. BACKGROUND: The pfSense project is a free network firewall distribution, based on the...
SIDU 5.3 Cross Site Scripting
Exploit Title: SIDU 5.3 Database Web GUI Multiple XSS Vulnerabilities Date: 04.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://topnew.net/sidu/ Software Link: https://sourceforge.net/projects/sidu/files/sidu/sidu53.zip Version: app version 5.3 XSS details: XSS1 URL...
SIDU 5.2 Cross Site Scripting
Exploit Title: SIDU 5.2 Database Web GUI Multiple XSS Vulnerabilities Date: 04.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://topnew.net/sidu/ Software Link: https://sourceforge.net/projects/sidu/files/sidu/sidu52.zip Version: app version 5.2 XSS details: XSS1 URL...
Citrix Systems NetScaler Application Delivery Controller and NetScaler Gateway Privilege Gain Vulnerability
Citrix Systems NetScaler ADC is a suite of service and application delivery solutions; NetScaler Gateway is a secure remote access solution. A security vulnerability exists in Citrix Systems NetScaler ADC and NetScaler Gateway that allows a remote attacker to gain privileges using NS Web GUI...
CVE-2016-2071
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands...
Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates (CTX206001)
A number of vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that could allow a malicious, unprivileged user to perform privileged operations or execute commands. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions mig...
Design/Logic Flaw
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330...