Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in filter search forms of certain admin webpages of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to perform cross-site scripting XSS attacks. The vulnerability is due to insufficient input validation by an affected device. An unauthenticated...

Cisco TelePresence Collaboration Desk and Room Endpoints HTML Redirect Vulnerability

A vulnerability within the login page of the web user interface of Cisco TelePresence Collaboration Desk and Room Endpoints devices running TC Software could allow an unauthenticated, remote attacker to conduct HTML redirection attacks. The vulnerability is due to improper input validation of...

Cisco Wireless LAN Controller HTML Help Cross-Site Scripting Vulnerability

A vulnerability in the HTML help system of Cisco Wireless LAN Controller WLC devices could allow an unauthenticated, remote attacker conduct cross-site scripting attacks. An unauthenticated, remote attacker who can convince a user of an affected system to follow a malicious link or visit an...

Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution

thehunter.py Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution author: @shipcod3 description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution. import socket import sys def usage: print"USAGE: python...

w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution

thehunter.py Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution. import socket import sys def...

Cisco Identity Services Engine Portal Privilege Elevation Vulnerability

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access guest accounts created from another sponsor account. The vulnerability is due to a failure to restrict guest accounts across sponsors. An attacker could exploit this...

WordPress VideoWhisper Video Presentation 3.31.17 - Remote File Upload Vulnerability

WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 Author: Larry W. Cashdollar, @larry0 Date: 2015-03-29 Download Site:...

Cisco Unified Communications Domain Manager Application Software Information Disclosure Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to unspecified condition within the affected software that could allow local file inclusion. An...

Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability

A vulnerability in the Image Management functionality of Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected...

Acunetix 9.5 OLE Automation Array Remote Code Execution

!/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version: acunetix.exe Video: https://vid.me/SRCb class...

Wordpress Theme Photocrati 4.x.x - SQL Injection & XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: wordpress theme photocrati 4.X.X SQL INJECTION Google Dork: Designed by Photocrati also powered by Photocrati Date: 23 / 09 / 2011 Exploit Author: ayastar Email : email protected Software Link: http://www.photocrati.com Version:...

Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability

A vulnerability in the Management Interface of the Cisco Content Services Switch 11500 could allow an unauthenticated, remote attacker to gain unauthorized access to other devices on the network. The vulnerability is due to improper handling of SSH packets. An attacker could exploit this...

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

A vulnerability in the inter-process communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to write arbitrary files with elevated privileges. The vulnerability is due to lack of authentication or authorization of certain IPC commands. An...

Cisco Web Security Appliance Cross-Site Scripting Vulnerability

A vulnerability in the Administrator report page of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by...

Cisco Hosted Collaboration Solution Unauthorized System Access Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP Interface of the Cisco Hosted Collaboration Solution HCS could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system. An attacker could exploit the vulnerability by transmitting crafted Challenge SOAP...

Cisco Wireless LAN Controller Denial of Service Vulnerability

A vulnerability in the wireless intrusion detection WIDS feature of the Cisco Wireless LAN Controller WLC could allow an unauthenticated, remote attacker to force the WLC to become unresponsive. For a Cisco WLC with a default configuration, the attacker could exploit this vulnerability by sending...

Crashing Google Email App for Android Just By Sending a Malicious Email

A vulnerability has been discovered in the wildly popular Google’s Stock Android Email App, that could be exploited by malicious attackers to remotely crash your smartphone application just by sending a specially crafted email. A Spain security researcher, Hector Marco, successfully exploited the...

Cisco ASR 5000 System Architecture Evolution Gateway High CPU Utilization Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP code of Cisco ASR 5500 System Architecture Evolution SAE Gateway could allow an unauthenticated, remote attacker to cause high CPU utilization and the SNMP process may stop responding. The vulnerability is due to insufficient validati...

Cisco Prime Security Manager Cross-Site Scripting Vulnerability

A vulnerability in multiple web interface pages of Cisco Prime Security Manager could allow an unauthenticated, remote attacker to execute cross-site scripting XSS attacks or hijack user sessions. The vulnerability is due to a failure to properly validate user-supplied input in the Dashboard and...

Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability

A vulnerability in the Measurement, Aggregation, and Correlation Engine MACE feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a race condition between process switching and Cisco Express Forwarding...