4 matches found
Sql injection
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates...
Directory traversal
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 12.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6636
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...
CVE-2017-6637
Cisco Prime Collaboration Provisioning (PCP) web interface vulnerability CVE-2017-6637 allows an authenticated, remote attacker to delete arbitrary files due to insufficient HTTP request input validation and lack of RBAC enforcement, via directory traversal on the affected system. Core issue: imp...