1332 matches found
CVE-2018-0107
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by...
CVE-2018-0105
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. ...
CVE-2018-0105
The CVE-2018-0105 entry describes an information-disclosure flaw in the web framework of Cisco Unified Communications Manager (CUCM). The root cause is insufficient protection of database tables, allowing an unauthenticated, remote attacker to view data by visiting a specific URL. Affected compon...
CVE-2017-12307
CVE-2017-12307 affects Cisco Small Business 300/500 Series Managed Switches (including 300/500 Series, 350, 350X, 550X, ESW2) where the web interface’s input validation can be bypassed to trigger a reflected XSS. The root cause is insufficient input validation in parameters passed to the web serv...
Cisco Enterprise License Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Enterprise License Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...
Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...
Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by...
Seagate Personal Cloud - Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits. SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities. Vulnerabilities summary: The following advisory describes two (2) unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way ...
Seagate Personal Cloud Command Injection
SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities. Vulnerabilities summary: The following advisory describes two (2) unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movie...
SQL Injection Vulnerability in DuxCms 3.0
DuxCms is a website builder for small and medium-sized sites, based on PHP+MYSQL and written with the CANPHP framework. DuxCms 3.0 suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Microsoft ASP.NET Core Elevation of Privilege Vulnerability (CNVD-2018-00899)
Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation (USA). The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An elevation of privilege vulnerability exists in Microsoft ASP.NET Core versio...
Cisco Prime Service Catalog SQL Injection Vulnerability
Cisco Prime Service Catalog (PSC) is a service catalog solution from Cisco (USA) that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for computing, networking, storage, and other data center resources. A SQL injection...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
CVE-2017-16762
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...
PYSEC-2017-40
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
The Cisco Prime Collaboration Provisioning application is a set of web-based next-generation communications services software from Cisco (USA). The software provides IP communication service features for IP telephony, voice mail and unified communications environments....
Cisco IOS XE Software Cross-Site Scripting Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. The Web framework is one of its web frameworks. A cross-site scripting vulnerability exists in the Web framework of Cisco IOS XE Software. A remote attacker can exploit this vulnerability to inject arbitrary web...
Cross site scripting
A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...