330 matches found
CVE-2016-1303
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330...
CVE-2016-1303
The CVE-2016-1303 entry concerns the Cisco Small Business 500 Series devices, where the web GUI on version 1.2.0.92 can be remotely abused to cause a denial of service by sending a crafted HTTP request (Bug ID CSCul65330). Affected products are Cisco Small Business 500 devices with a web-based GU...
Cisco Connected Grid Network Management System Elevation of Privilege Vulnerability
Cisco Connected Grid Network Management System CG-NMS is an end-to-end smart grid management system from Cisco. A security vulnerability exists in the web GUI of Cisco CG-NMS version 3.00.35 and 3.00.54. A remote attacker can exploit the vulnerability via the Monitor-Only role to bypass establish...
CVE-2015-6362
The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...
Design/Logic Flaw
The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...
CVE-2015-6362
CVE-2015-6362 affects Cisco Connected Grid Network Management System (CG-NMS) web GUI in versions 3.0(0.35) and 3.0(0.54). The issue arises from insufficient authorization controls, allowing remote authenticated users in the Monitor-Only role to bypass restrictions and modify configuration. The r...
CVE-2015-6362
The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...
Cisco Connected Grid Network Management System Privilege Escalation Vulnerability
A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote attacker to perform limited configuration changes while logged in as a user having the Monitor-Only role. The vulnerability is due to insufficient authorization controls. An...
CVE-2015-6344
The web-based GUI in Cisco Adaptive Security Appliance ASA CX Context-Aware Security 9.34.1.11 allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105...
Cisco ASA CX Context-Aware Security Web GUI Unauthorized Access Vulnerability
A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance ASA CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations. The vulnerability is due to insufficient...
Automate Vulnerability Scanning: Seccubus
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings...
SQLMAP-Web-GUI - Web GUI to drive near full functionality of SQLMAP
PHP Frontend to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Here are a few quick videos to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI. Demo against: Windows 2003...
SQLMap Web Front End
PHP Front end to work with the SQLMAP JSON API Server sqlmapapi.py to allow for a Web GUI to drive near full functionality of SQLMAP! Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005 SQLMap Web GUI Requirements: Linux, Apache, PHP check your favorite distro’s wiki or forum pages, or use google PH...
Fortinet FortiMail < 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3 XSS
The remote host is running a version of FortiMail that is prior to 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3. It is, therefore, affected by a cross-site scripting vulnerability in the web GUI due to improper input validation within the Web Action Quarantine Release feature, specifically for the 'release'...
Cisco ACE 4710 Application Control Engine and Application Networking Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web GUI of the Cisco Application Networking Manager ANM and the Device Manager DM in the Cisco ACE 4710 Application Control Engine ACE Appliance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web...
IBM Tivoli Storage Manager Backup-Archive client authentication bypass vulnerability
IBM Tivoli Storage Manager TSM is a suite of backup and recovery management solutions from IBM in the U.S. It supports data protection, space management and archiving, business recovery, and disaster recovery. IBM TSM Backup-Archive Client is one of the backup archive clients. A security...
Authentication flaw
The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager TSM Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
[oCERT-2014-005] LPAR2RRD input sanitization errors
2014-005 LPAR2RRD input sanitization errors Description: LPAR2RRD is a performance monitoring and capacity planning software for IBM Power Systems. LPAR2RRD generates historical, future trends and nearly "real-time" CPU utilization graphs of LPAR's and shared CPU usage. Insufficient input...
D-Link DNS-323 - Multiple Vulnerabilities
No description provided by source. Exploit Title: D-Link DNS-323 Multiple Vulnerabilities Author: sghctoma E-mail: [email protected] Category: Hardware Vendor: http://www.dlink.com/ Firmware Version: 1.09 Product:...