35 matches found
CVE-2024-20478
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20473
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2020-6960
The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch,...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20471
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20472
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20471
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...
CVE-2024-20374
Cisco Secure Firewall Management Center (FMC) Command Injection (CVE-2024-20374) affects FMC web-based management interface. The root cause is insufficient input validation of certain HTTP request parameters, enabling an authenticated administrator to execute arbitrary commands on the underlying ...
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...
CVE-2024-20483
CVE-2024-20483 involves multiple vulnerabilities in Cisco Routed PON Controller Software (Docker container on Cisco IOS XR hardware) where insufficient validation of arguments to configuration commands can allow an authenticated, admin-level attacker on the PON Manager or direct access to its Mon...
CVE-2024-20483 Cisco IOS XR PON Controller Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...
CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2023-3419
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2023-3419
CVE-2023-3419 concerns tagDiv Opt-In Builder (WordPress plugin) with a Blind SQL Injection in the couponId parameter of the recreate_stripe_subscription REST endpoint. Affected versions up to and including 1.4.4 allow an authenticated administrator to append SQL statements to existing queries, en...
CVE-2023-3419 tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'couponId' parameter of the 'recreatestripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-20356
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability...
CVE-2024-20358
A vulnerability in the Cisco Adaptive Security Appliance ASA restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level...
CVE-2024-2409 MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for...