208 matches found
PT-2016-4770 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center versions 5.4.0 through 6.0.0.1 Description: The issue allows remote authenticated users to modify pages by placing crafted code in a parameter value. Recommendations: For versions 5.4.0 through 6.0.0.1,...
CVE-2015-8474
Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...
Open redirect
Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...
CVE-2015-8474
Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...
The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the mechanism for verifying data correctness
The vulnerability of the Ruby on Rails software platform lies in the fact that the Active Model component supports the use of instance-level records for class methods. Exploiting this vulnerability allows a malicious actor to bypass the data validation mechanism by using a specially crafted...
The vulnerability of Adobe Connect’s instant messaging program allows a hacker to influence the system.
Vulnerability of Adobe Connect’s instant messaging program. Exploiting this vulnerability can allow a malicious actor to influence the system through a specially crafted parameter in the URL string...
CVE-2016-0949
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...
Code injection
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...
CVE-2016-0949
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...
The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to read arbitrary files.
The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary files through a parameter transmitted using pre-prepared executable code...
CVE-2016-1306
Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...
CVE-2016-1306
Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...
CVE-2016-1306
Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...
Directory traversal
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter...
CVE-2015-6407
Cisco Emergency Responder 10.53.10000.9 allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501...
CVE-2015-6407
Cisco Emergency Responder 10.53.10000.9 allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501...
Directory traversal
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSCERRORPAGE parameter...
Directory traversal
Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter...
The vulnerability of the Cisco Unified Communications Manager system allows a intruder to inject arbitrary web or HTML code.
The vulnerability of the Cisco Unified Communications Manager IP telephony management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted parameter...