1332 matches found
CVE-2018-0404 Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information...
CVE-2018-0404 Cisco RV180W Wireless-N Multifunction VPN Router SQL Injection Vulnerability
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information...
CVE-2018-0404
CVE-2018-0404 affects Cisco RV180W and RV220W devices (web framework) with a SQL injection in the web interface. An unauthenticated remote attacker could execute arbitrary SQL queries and access sensitive information; impact is partial confidentiality. The affected products are end-of-life and Ci...
CVE-2018-0470
A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to the affected software improperly parsing malformed...
CVE-2018-0470
A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to the affected software improperly parsing malformed...
Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2018-20256)
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A resource management error vulnerability exists in the Web framework in Cisco IOS XE Software, which arises from the software failing to properly parse malformed HTTP packets sent to the device. A remote...
Seagate Personal Cloud SRN21C SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
[SECURITY] Fedora 28 Update: python2-django1.11-1.11.15-2.fc28
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
USN-3726-1: Django vulnerability
Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
Jenkins 任意文件读取漏洞(CVE-2018-1999002)
SECURITY-914 / CVE-2018-1999002 An arbitrary file read vulnerability in the Stapler web framework used by Jenkins allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. Input...
Design/Logic Flaw
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2018-1999007
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...
CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
CVE-2018-1999007
CVE-2018-1999007 is a cross-site scripting vulnerability in Jenkins up to version 2.132 (and 2.121.1 and earlier for some components) involving the Stapler web framework. When Stapler debug mode is enabled, error/404 pages could display unescaped URL parts, allowing an attacker who can influence ...
Cisco Unified Presence Cross-Site Scripting Vulnerability (CNVD-2018-14097)
Cisco Unified Communications Manager CUCM, Unified CM is a call processing component of a unified communications system from Cisco.Cisco Unified Communications Manager IM and Presence Cisco Unified Communications Manager IM and Presence Service is a CUCM-based instant messaging IM and status...
Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)
Cisco WebEx is the United States Cisco Cisco company's set of Web conferencing tools, the tool can assist off-site office workers to coordinate and collaborate.WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging IM. A cross-site scripting...