359 matches found
Cisco Unity Connection Cross-Site Request Forgery Vulnerability
A cross-site request forgery CSRF vulnerability in Cisco Unity Connection could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to...
Cisco UCS Central Software Cross-Site Scripting Vulnerability
Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated remote attacker induces a user to click ...
Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability
A vulnerability in the WeChat page of Cisco Social Miner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of the...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit th...
CVE-2014-5237
Open-Xchange App Suite (documentconverter) is affected by CVE-2014-5237. The vulnerability allows Server-Side Request Forgery (SSRF) via a URL embedded in an image within a Text document, which is not correctly handled by the image preview. Affected versions are Open-Xchange App Suite before 7.4....
Cisco Prime Network Control System Cross-Site Scripting Vulnerability
A vulnerability in the health monitor login page of Cisco Prime Network Control System NCS could allow an unauthenticated, remote attacker to conduct cross-site XSS scripting attacks. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...
Cisco SocialMiner Cross-Site Scripting Vulnerability
A vulnerability in the bookmarklet.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to send a malicious script to an unsuspecting user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by convincing the user of th...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
Cisco Content Filtering Devices Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing the...
DEBIAN-CVE-2008-5519
The JK Connector aka modjk 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving 1 a request from a different client that included a Content-Length header but no POST dat...
cURL: Arbitrary file access
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPTFOLLOWLOCATION is enabled. Impact A remote attacker could possibly...
FreeBSD Ports: curl
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...
CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...
Invision Gallery 1.0.1 - SQL Injection
Invision Gallery 1.0.1 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script...
Invision Gallery < 1.0.1 - SQL Injection
Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming...