Lucene search
K

208 matches found

Positive Technologies
Positive Technologies
added 2016/05/28 12:0 a.m.7 views

PT-2016-4770 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center versions 5.4.0 through 6.0.0.1 Description: The issue allows remote authenticated users to modify pages by placing crafted code in a parameter value. Recommendations: For versions 5.4.0 through 6.0.0.1,...

6.5CVSS7.1AI score0.00894EPSS
Exploits0References2
NVD
NVD
added 2016/04/12 2:59 p.m.19 views

CVE-2015-8474

Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...

7.4CVSS7.2AI score0.01849EPSS
Exploits0References5
Prion
Prion
added 2016/04/12 2:59 p.m.15 views

Open redirect

Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...

5.8CVSS6.6AI score0.02716EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2016/04/12 2:0 p.m.28 views

CVE-2015-8474

Open redirect vulnerability in the validbackurl function in app/controllers/applicationcontroller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted backurl parameter, a...

7.1AI score0.01849EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/03/23 12:0 a.m.7 views

The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the mechanism for verifying data correctness

The vulnerability of the Ruby on Rails software platform lies in the fact that the Active Model component supports the use of instance-level records for class methods. Exploiting this vulnerability allows a malicious actor to bypass the data validation mechanism by using a specially crafted...

5CVSS6.4AI score0.07157EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/03/02 12:0 a.m.8 views

The vulnerability of Adobe Connect’s instant messaging program allows a hacker to influence the system.

Vulnerability of Adobe Connect’s instant messaging program. Exploiting this vulnerability can allow a malicious actor to influence the system through a specially crafted parameter in the URL string...

10CVSS7.8AI score0.04424EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2016/02/10 8:59 p.m.22 views

CVE-2016-0949

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...

10CVSS9.3AI score0.04424EPSS
Exploits0References2
Prion
Prion
added 2016/02/10 8:59 p.m.12 views

Code injection

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...

10CVSS7.2AI score0.04424EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/02/10 8:0 p.m.27 views

CVE-2016-0949

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL...

9.4AI score0.04424EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/02/08 12:0 a.m.10 views

The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to read arbitrary files.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary files through a parameter transmitted using pre-prepared executable code...

4CVSS5.6AI score0.00966EPSS
Exploits0References2
NVD
NVD
added 2016/02/06 5:59 a.m.19 views

CVE-2016-1306

Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...

6.1CVSS6AI score0.00773EPSS
Exploits0References1
OSV
OSV
added 2016/02/06 5:59 a.m.2 views

CVE-2016-1306

Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...

6.1CVSS5.8AI score0.00773EPSS
Exploits0References1
Prion
Prion
added 2016/02/06 5:59 a.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...

4.3CVSS6AI score0.00773EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/02/06 2:0 a.m.24 views

CVE-2016-1306

Multiple cross-site scripting XSS vulnerabilities in Cisco Fog Director 1.00 allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466...

6AI score0.00773EPSS
Exploits0References1
Prion
Prion
added 2015/12/28 3:59 p.m.18 views

Directory traversal

Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter...

4CVSS6.6AI score0.01974EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2015/12/13 3:59 a.m.17 views

CVE-2015-6407

Cisco Emergency Responder 10.53.10000.9 allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501...

4CVSS6.8AI score0.0162EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/12/13 2:0 a.m.20 views

CVE-2015-6407

Cisco Emergency Responder 10.53.10000.9 allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501...

6.8AI score0.0162EPSS
Exploits0References3
Prion
Prion
added 2015/10/02 2:59 a.m.11 views

Directory traversal

Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSCERRORPAGE parameter...

7.8CVSS7.1AI score0.03232EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2015/09/05 2:59 a.m.11 views

Directory traversal

Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter...

4CVSS6.6AI score0.01557EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.9 views

The vulnerability of the Cisco Unified Communications Manager system allows a intruder to inject arbitrary web or HTML code.

The vulnerability of the Cisco Unified Communications Manager IP telephony management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted parameter...

4.3CVSS5.7AI score0.01546EPSS
Exploits0References2
Rows per page
Query Builder