50 matches found
CVE-2017-3847
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1...
CVE-2017-3810
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0R2tanggula...
Cisco IOS and IOS XE Cisco IOx Local Manager Cross-Site Scripting Vulnerability
Cisco IOS and IOS XE are both operating systems developed by Cisco for its network devices.Cisco IOx Local Manager is one of the local management components. A cross-site scripting vulnerability exists in the web framework in Cisco IOx Local Manager in Cisco IOS version 15.52T and IOS XE. A remot...
CVE-2016-6404
Cross-site scripting XSS vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.52T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854...
Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point PASP based on the caller's location. Cisco Emergency Responder 10.5 3.10000.9 fails to validate...
Cisco Emergency Responder Cross-Site Scripting Vulnerability (CNVD-2015-08365)
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point PASP based on the caller's location. A security vulnerability exists in the Web framework of Cisco...
Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
Cisco Prime Collaboration Provisioning is the United States of America Cisco Cisco a set of Web-based next-generation communications services solutions. A security vulnerability exists in the Web framework of Cisco Prime Collaboration Assurance. A remote attacker could exploit the vulnerability b...
The vulnerability of the microprogramming software of the Cisco TelePresence Supervisor MSE 8050 allows a intruder to execute arbitrary code with privileges of the root user.
The vulnerability of the web-based framework of the microprogramming software for the Cisco TelePresence Supervisor MSE 8050 relates to deficiencies in access control for files. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with...
The vulnerability of the microprogramming software of the Cisco TelePresence Server allows a intruder to execute arbitrary code with privileges of the root user.
The vulnerability of the web-based framework of the microprogramming software for Cisco TelePresence Server lies in the lack of access control for files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with privileges of a root user...
Command injection
The web framework in Cisco Prime Central for Hosted Collaboration Solution HCS Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, ak...