Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder Software could allow an unauthenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to insufficient validation on the input fields of a web...
Cisco Emergency Responder Service Web Framework Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Emergency Responder (CER) could allow an unauthenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability b...
Cisco TelePresence Video Communication Server Expressway Web Framework Code Unauthorized Access Vulnerability
A vulnerability in the web framework code of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to install Tandberg Linux Packages (TLPs) without proper authorization. The vulnerability is due to missing authorization checks on certain...
[SECURITY] Fedora 23 Update: python-django-1.8.7-1.fc23
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (Cisco-SA-20150128-CVE-2014-8022)
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system.
[SECURITY] Fedora 23 Update: python-django-1.8.6-1.fc23
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396...
CVE-2015-6363
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396...
Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco Prime Service Catalog WEB Framework SQL Injection Vulnerability
Cisco Prime Service Catalog is a solution for all services offered through a single portal from Cisco, USA. A SQL injection vulnerability exists in the Cisco Prime Service Catalog version 11.0 WEB framework. A remote attacker could execute arbitrary SQL commands via this vulnerability...
Sql injection
SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843...
Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco FireSIGHT Management Center (MC) could allow an authenticated, remote attacker to execute a stored cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper sanitization of parameter values. An attacker...
Cisco Prime Service Catalog SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...
CVE-2015-6328
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.51 allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380...
Design/Logic Flaw
The web framework in Cisco Prime Collaboration Assurance (PCA) 10.51 allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380...
Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit thi...
Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input used in SQL queries. An attacker could exploit this vulnerability...
Cisco Prime Collaboration Assurance SQL Injection Vulnerability
A vulnerability in the web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerabilit...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...