Cisco IOS Shell Denial of Service Vulnerability
A vulnerability in the Cisco IOS Shell could allow an authenticated, but unprivileged, local user to crash the device. The vulnerability is due to improper processing of IOS Shell commands. An attacker could repeatedly exploit this vulnerability to cause an extended denial of service. Cisco has...
Cisco Prime Infrastructure Cross-Site Request Forgery Vulnerability
A vulnerability in the INSERT page of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the Cisco PI web interface. The vulnerability is due to insufficient CSRF protections on the Cisco PI web interface. An...
Cisco Prime Infrastructure Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of several paramete...
Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability
A vulnerability in the web framework of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to upload arbitrary files to the phone. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafte...
Cisco Unified IP Phone 9900 Series Data Disclosure Vulnerability
A vulnerability in the mobility extension feature of Cisco Unified IP Phone 9900 Series could allow an unauthenticated, remote attacker to obtain sensitive information. The vulnerability is due to insufficient protections of information in transit. An attacker could exploit this vulnerability by...
Iconium Ekonomik Theme - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Iconium Ekonomik Theme - Multiple Vulnerabilities Google Dork: intext:Powered by İconium Mühendislik Date: 03.02.2015 Exploit Author: Herdem Vendor Homepage: http://iconiummuhendislik.com Software Link:...
Vulnerability tracking: Flash critical vulnerability (CVE-2015-0311) detailed technical analysis - vulnerability warning - the black bar safety net
Last week's Flash 0day vulnerability was fun to play with. Knowing what it does, you should also know why it does it; once you are tired of playing, sit down and take a look at what causes this vulnerability. Trend Micro recently analyzed the vulnerability in detail, and the author has translated that analysis for readers. Vulnerability contex...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account. The vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by submitting...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework code of Cisco Unified Communication Domain Manager version 10 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. ...
Cisco WebEx Meetings Server XMLAPI Vulnerability
A vulnerability in the XML application programming interface (API) of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of return messages. An attacker could exploit this vulnerability by...
Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a user of...
Analysis of Flash Zero Day Shows Layers of Obfuscation
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit,...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate valid user accounts. The vulnerability is due to improper sanitization of a returned message. An attacker could exploit this vulnerability by sending crafted URL reques...
Cisco Hosted WebEx Meeting Center Configuration Manipulation Vulnerability
A vulnerability in the Cisco Hosted WebEx Meeting Center service could allow an unauthenticated, remote attacker to enable meeting features that were explicitly disabled by the meeting organizer or site administrator. The vulnerability is due to improper checking of certain meeting parameters whe...
Google reveals 3 Apple OS X Zero-day Vulnerabilities
After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform. The team has published three zero-day...
OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
Exploit for iOS platform in category local exploits // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g...
Cisco WebEx Meetings Server Password Encryption Vulnerability
A vulnerability in the OutlookAction LI of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to generate sensitive encrypted values. The vulnerability is due to the return of a user's encrypted password. An attacker could exploit this vulnerability by generating these...
Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability
A vulnerability in the SIP code of Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway could allow an unauthenticated, remote attacker to cause high memory consumption and CPU utilization, which could cause some services to become unavailable and degrade performance. The...
Cisco MDS 9000 Series Denial of Service Vulnerability
A vulnerability in the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabilit...
Cisco WebEx Meetings Server User Enumeration Vulnerability
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to guess valid user accounts on the targeted system. The vulnerability exists because the affected software fails to refresh the CAPTCHA on the login page. An attacker could exploit this vulnerability b...