2 matches found
Cisco Prime Infrastructure and EPNM DashboardRenderer XML External Entity Injection (CVE-2017-6662)
A directory traversal vulnerability exists in Oracle Fusion Middleware MapViewer. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploaderServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HTTP request...
Cisco Prime Infrastructure XML Injection Vulnerability (cisco-sa-20170621-piepnm1)
A vulnerability in the web-based user interface of Cisco Prime Infrastructure PI could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials...