Schneider Electric U.motion Builder nfcserver.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the sessionid HTTP request parameter in requests made to nfcserver.php. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP reque...
SQL injection
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2017-12784
In Youngzsoft CCFile aka CC File Transfer 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...
Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
CVE-2017-4052
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter...
CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...
Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)
An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...
Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerabilities are due to insufficient validation of user-supplied input in...
Cisco Unified Communications Domain Manager Open Redirect Vulnerability
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters by the affected software. An attacker...
Directory traversal
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...
Cisco Firepower System Software Denial of Service Vulnerability (CNVD-2017-05516)
Cisco Firepower System Software is a next-generation firewall product from Cisco. A security vulnerability exists in Cisco Firepower System Software. A remote attacker could exploit the vulnerability to send a specially crafted HTTP request for a denial of service attack...
CVE-2017-1155
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference : 1999754...
Design/Logic Flaw
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...
UBUNTU-CVE-2015-8954
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...
SQL injection
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2017-3899
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2017-6367
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header...