Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of the Cisco Local Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...
PT-2016-4817 · Cisco · Cisco Spa300 +2
Name of the Vulnerable Software and Affected Versions: Cisco SPA300, SPA500, and SPA51x devices (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, resulting in a device outage, by sending a series of malformed HTTP requests to the HTTP...
[SECURITY] Fedora 25 Update: rubygem-rails-5.0.0.1-1.fc25
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration...
Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability (cisco-sa-20160817-ise)
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation for some of t...
Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Smart Call Home Transport Gateway could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 24 Update: python-django-1.9.8-1.fc24
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Design/Logic Flaw
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827...
CVE-2016-1374
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827...
Apache Struts 2 REST Plugin OGNL Expression Handling RCE
The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attack...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability (cisco-sa-20151008-pcp)
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries.
Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner (CNAP) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...
Cisco Prime Collaboration Assurance 10.5.1.x < 10.5.1.58480 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Prime Collaboration Assurance device is 10.5.1.x prior to 10.5.1.58480. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists in the web framework of Cisco Prime Collaboration...
Cisco Prime Collaboration Provisioning 10.6.x / 11.0.x < 11.0.0.815 Web Framework SQLi (cisco-sa-20151008-pcp)
According to its self-reported version number, the Cisco Prime Collaboration Provisioning (PCP) device is 10.6.x or 11.0.x prior to 11.0.0.582. It is, therefore, affected by a SQL injection vulnerability in the web framework component due to improper sanitization of user-supplied input before using...
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters...
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco IP Interoperability and Collaboration System could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient XSS protections. An attacker could exploit this vulnerability by...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
[SECURITY] Fedora 22 Update: python-django-1.8.11-1.fc22
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...