2058 matches found
Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability
A vulnerability in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error that could occur in the affected software when an SSH connection is disconnected from an affected device. An authenticated, remot...
Cisco Prime Collaboration Manager SQL Injection Vulnerability
A vulnerability in the Cisco Prime Collaboration Manager interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An...
Cisco UCS Central Software Command-Line Interface Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco UCS Central Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An...
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2015-06-07 Download Site:...
Nakid CMS - Multiple Vulnerabilities
Nakid CMS - Multiple Vulnerabilities Exploit Title: CSRF, Persistent XSS & LFI Google Dork: intitle: CSRF, Persistent XSS & LFI Date: 2015-06-11 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: kilrizzy.github.io/Nakid-CMS Software Link:...
Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information or modify certain device settings. The vulnerability is due to improper controls on certain pages in the web interface. An attack...
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...
Symphony CMS 2.6.2
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor: ================================ www.getsymphony.com/download/ Product: ================================ Symphony CMS 2.6.2 Advisory Information:...
JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities
Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt Vendor: code.google.com/p/jsp-myadmin Product: JSPAdmin 1.1 is a Java web based MySQL database management system. Advisory Information:...
Cisco FireSIGHT Management Center XSS and HTML Injection Vulnerabilities
Multiple vulnerabilities in the administrative web interface of the Cisco FireSIGHT Management Center could allow an attacker to conduct both cross-site scripting (XSS) and also arbitrary HTML command injection attacks. These vulnerabilities are due to improper user input validation. An attacker...
IBM Security AppScan 9.0.2 Remote Code Execution
!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set...
Cisco Identity Services Engine Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access information on a targeted device that is normally available only to authenticated users. The vulnerability is due to improper implementation of session handlers set...
Cisco IP Phone 7861 Denial of Service Vulnerability
A vulnerability in the Cisco IP Phone 7861 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper boundary restrictions when user-supplied input to the affected application is processed. An...
Cisco Sourcefire 3D System Lights-Out Management Arbitrary File Upload Vulnerability
A vulnerability in Lights-Out Management (LOM) functionality of the Sourcefire 3D System could allow an authenticated, remote attacker to upload arbitrary files to the baseboard management controller (BMC) on an affected device. The vulnerability is due to insufficient validation and sanitization of...
OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)
Openlitespeed 1.3.9 Use After Free denial of service exploit. This exploit triggers a denial of service condition within the Openlitespeed web server. This is achieved by sending a tampered request containing a large number (91) of 'a: a' header rows. By looping this request, a memmove call within t...
Cisco Wide Area Application Services Server Message Block Protocol Module Denial of Service Vulnerability
A vulnerability in the Server Message Block Protocol (SMB) module of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a reload of the SMB module. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by...
Cisco Unified Communications Manager SQL Injection Vulnerability
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection attacks. The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability b...
Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability
A vulnerability in proxy mobile (PM) IPv6 processing of Cisco StarOS for Cisco ASR 5000 Series devices could allow an unauthenticated, remote attacker to cause a reload of the hamgr service on the affected device. The vulnerability is due to improper processing of malformed IPv6 PM packets. An...
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to the improper generation and validation of the CSRF toke...
Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability
A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...