1332 matches found
CVE-2017-16131
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
Directory traversal
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16091
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16131
CVE-2017-16131 concerns the unicorn-list web framework, which is vulnerable to a directory traversal flaw. It allows access to filesystem paths by placing relative path sequences like ../ in the URL, potentially exposing private files. Public sources (GHSA/NPM advisory) describe this vu...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-11314)
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...
Cisco WebEx Cross-Site Scripting Vulnerability
Cisco WebEx is a set of web conferencing tools from Cisco (United States) that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
Cisco WebEx Cross-Site Scripting Vulnerability (CNVD-2018-11321)
Cisco WebEx is a set of web conferencing tools from Cisco (United States) that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability (CNVD-2018-11254)
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. A SQL injection vulnerability exists in the...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input in SQL queries. An attacker could exploit this...
Design/Logic Flaw
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed accept-encoding header, an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached...
CVE-2017-16013
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed accept-encoding header, an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached...
CVE-2017-16020
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...
CVE-2017-16020
CVE-2017-16020 affects Summit (Node.js web framework) when using the PouchDB driver. Affected: Summit 0.1.0 and later. Vulnerability: collection names can be manipulated to execute arbitrary commands, enabling remote code execution. Exploitation details across connected sources consistently refer...
Cross site scripting
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
CVE-2018-0327
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
CVE-2018-0327
CVE-2018-0327 relates to Cisco Identity Services Engine (ISE) Web Framework. The vulnerability arises from insufficient input validation of parameters sent via HTTP GET/POST, enabling an unauthenticated, remote attacker to trigger a cross-site scripting (XSS) attack against a logged-in user of th...