75 matches found
CVE-2018-0371
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
Input validation
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
CVE-2018-0371
CVE-2018-0371 affects Cisco Meeting Server Web Admin Interface (Acano X-Series, Meeting Server 1000, 2000). The root cause is insufficient validation of incoming HTTP requests, allowing an authenticated remote attacker to cause a DoS by restarting the system and terminating ongoing calls. This is...
CVE-2018-1189
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially...
CVE-2017-18014
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page Control Center - Log Viewer - in the filter option "Web Server Protection" in the webadmin...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-01388)
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-36401)
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)
Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States of America Cisco Cisco company's set of audio and video conferencing server software.Web Admin Interface is one of the Web login interface. A denial of service vulnerability exists in the Web Admin Interfac...
Design/Logic Flaw
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
CVE-2017-12264
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
CVE-2017-12264
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
Cisco Meeting Server Denial of Service Vulnerability
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...
Peplink Balance Routers Web Admin Detection
Detection of Peplink Balance Routers Web Admin. The script sends a connection request to the server and attempts to detect the Web Admin Interface of Peplink Balance Routers. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow (CVE-2017-3193 )
The affected service is the management web, in the cgibin file located within the htdocs folder on the router filesystem. The vulnerability is a Stack-Based Buffer Overflow, caused by a non-controlled use of the strcat function that allows an overwrite of the PC, and thus the execution flow of th...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution', 'Description' = %q The NVRmini 2 Network...
Symantec Encryption Management Server Server Multiple Security Issues
The management console for Symantec Encryption Management Server SEMS is susceptible to potential OS command execution, local access elevation of privilege, a heap-based memory corruption resulting in a service crash and potential information disclosure of management console logon/account...
Oracle Commerce Platform A vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is the United States Oracle Oracle company's set of e-business solutions platform. A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...
CVE-2014-0152
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
Session fixation
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-0152
CVE-2014-0152 affects oVirt Web Admin Interface (3.4.0 and earlier). Root cause: after authentication, a new session ID is not generated and session IDs may be stored in HTML5 local storage, not protected by same-origin policy. This enables a remote attacker to hijack a logged-in user’s session v...