18 matches found
PT-2026-21526
Name of the Vulnerable Software and Affected Versions Zscaler Internet Access versions affected versions not specified Description An issue exists in the ZIA Admin UI where improper validation of user-supplied input can allow an authenticated administrator to initiate backend functions through...
EUVD-2020-24425
Malware in sbrugna...
EUVD-2015-0702
Malware in sbrugna...
EUVD-2015-0687
Malware in sbrugna...
Cisco Cloud Web Security SQL Injection Vulnerability
Cisco Cloud Web Security is a comprehensive cloud-delivered web defense solution. A SQL injection vulnerability exists in the web UI of Cisco Cloud Web Security. The vulnerability stems from the web management interface failing to properly validate SQL values. An authenticated attacker can exploi...
CVE-2020-3154
A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
Sql injection
A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
CVE-2020-3154 Cisco Cloud Web Security SQL Injection Vulnerability
A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
CVE-2020-3154 Cisco Cloud Web Security SQL Injection Vulnerability
A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
CVE-2020-3154
Cisco Cloud Web Security (CWS) web UI contains a SQL injection vulnerability. The web-based management interface improperly validates SQL values, allowing an authenticated, remote attacker to send malicious requests to an affected device and modify or return values from the underlying database. A...
Cisco Cloud Web Security SQL Injection Vulnerability
A vulnerability in the web UI of Cisco Cloud Web Security could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this vulnerability...
Cisco Cloud Web Security Security Restriction Bypass Vulnerability
Cisco Cloud Web Security is the United States Cisco Cisco company's set of network security protection software. connector engine is one of the connector engine. A security vulnerability exists in the connector engine in Cisco Cloud Web Security, which stems from the program's failure to properly...
CVE-2015-0689
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...
CVE-2015-0689
Cisco Cloud Web Security (CWS) prior to version 3.0.1.7 is affected by CVE-2015-0689. The root cause is improper handling of HTTP methods in the connector engine, which allows remote attackers to bypass the product’s filtering protection. The impact is bypass of the intended content filtering (no...
CVE-2015-0689
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...
Cisco Cloud Web Security Alert Service Cross-Site Scripting Vulnerability
Cisco Cloud Web Security is a set of network security protection software from Cisco USA.Alert Service is one of the alert services. A cross-site scripting vulnerability exists in Alert Service in Cisco Cloud Web Security, which stems from the program failing to perform input validation adequatel...
CVE-2015-0674
Cross-site scripting XSS vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2015-0674
CVE-2015-0674 is an XSS vulnerability in Cisco Cloud Web Security’s Alert Service (base revision). The issue arises from insufficient input validation, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters. The connected documents confirm Cisco Cloud Web Secu...