1332 matches found
Cisco Identity Services Engine Cross-Site Scripting Attack Vulnerability (CNVD-2018-10666)
Cisco Identity Services Engine (ISE) is an identity-based environment-awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerabilities
Cisco Unified Communications Manager (CUCM) and Cisco Unified Presence are both products of Cisco Corporation. CUCM is a call-processing component of a unified communications system. Cisco Unified Presence is a key component of a unified communications system...
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
[SECURITY] Fedora 27 Update: perl-Dancer2-0.206000-1.fc27
Dancer2 is the new generation of Dancer, the lightweight web-framework for Perl. It is a complete rewrite based on Moo and is meant to be easy and fun...
[SECURITY] Fedora 28 Update: perl-Dancer2-0.206000-1.fc28
Dancer2 is the new generation of Dancer, the lightweight web-framework for Perl. It is a complete rewrite based on Moo and is meant to be easy and fun...
FastAdmin Cross-Site Scripting Vulnerability
FastAdmin is a system backend development framework based on ThinkPHP and Bootstrap. A cross-site scripting vulnerability exists in FastAdmin version 1.0.0.20180417beta. A remote attacker can use the 'avatar' parameter to inject arbitrary web script or HTML...
Cisco Unified Communications Manager Information Disclosure Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...
CVE-2018-0267
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...
CVE-2018-0266
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...
CVE-2018-0269
A vulnerability in the web framework of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy...
Design/Logic Flaw
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...
Design/Logic Flaw
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web...
CVE-2018-0269
Cisco DNA Center suffers an information-disclosure/unauthenticated-access risk due to an overly permissive CORS policy in its web framework, allowing a remote attacker to communicate with the Kong API server after deceiving a user with a malicious link. The issue is tied to DNA Center’s web API e...
CVE-2018-0267
CVE-2018-0267 affects Cisco Unified Communications Manager (CUCM) Web framework. The issue is an information-disclosure vulnerability where an authenticated, local attacker can view restricted data due to insufficient protection of database tables via the web interface. An attacker could exploit ...
Seagate Media Server SRN21C Cross Site Scripting
Seagate Media Server stored Cross-Site Scripting vulnerability. Yorick Koster, September 2017...
Cisco DNA Center Cross Origin Resource Sharing Vulnerability
A vulnerability in the web framework of the Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy...
[SECURITY] Fedora 28 Update: python2-django1.11-1.11.11-1.fc28
This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...