Cisco Unified Presence Server SQL Injection Vulnerability
A vulnerability in the web interface of Cisco Unified Presence Server could allow an authenticated, remote attacker to impact the confidentiality, integrity, and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied...
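WordPress Persuasion Theme 'dl-skin.php' Arbitrary File Access Vulnerability
BUGTRAQ ID: 64501 Persuasion is a powerful commercial theme. Persuasion versions 2.0 and 2.3 do not properly filter user input, and an attacker can exploit this vulnerability to download or delete arbitrary files. mysitemyway persuasion 2.3 mysitemyway persuasion 2.0 Vendor patch: mysitemyway: The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://mysitemyway.com/theme/persuasion-wordpress-theme/ Exploit Title:...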
Cisco IOS XE Software Telnet Authentication Bypass Vulnerability
A vulnerability in the vty authentication of Cisco IOS XE Software (03.02.xxSE and 03.03.xxSE only) could allow an unauthenticated, remote attacker to access an affected device without authentication and perform actions on the device with the privileges configured for the vty line interface. The...
WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion
Exploit Title: Persuasion Wordpress Theme - Arbitrary File Download and File Deletion Exploit Date: 19 December 2013 Exploit Author: Interference Security Vendor Homepage: http://mysitemyway.com/ Software Link: http://mysitemyway.com/theme/persuasion-wordpress-theme/ Version: Tested on 2.0 and 2....
WordPress Theme Persuasion 2.x - Arbitrary File Download File Deletion
WordPress Theme Persuasion 2.x - Arbitrary File Download File Deletion Exploit Title: Persuasion Wordpress Theme - Arbitrary File Download and File Deletion Exploit Date: 19 December 2013 Exploit Author: Interference Security Vendor Homepage: http://mysitemyway.com/ Software Link:...
Cisco NX-OS Directory Traversal Vulnerability
A vulnerability in the Command Line Interface (CLI) of the Cisco NX-OS Software could allow an authenticated, local attacker to delete arbitrary files on the device. The vulnerability is due to improper filtering of user input. An attacker could exploit this vulnerability by leveraging the filesys...
Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability
A vulnerability in the Collaboration Partner Access Console (CPAC) of Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco WebEx Meeting Center Mobile Browser Redirection Cross-Site Scripting Vulnerability
A vulnerability in how mobile browsers redirect to the mobile version of Cisco WebEx Meeting Center sites could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could...
Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability
A vulnerability in the training center registration page of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco WebEx Business Suite Site Access Control Bypass Vulnerability
A vulnerability in the site access control implementation of Cisco WebEx Business Suite could allow an authenticated, remote attacker to inject content from the attacker-controlled WebEx site into another WebEx site. The vulnerability is due to insufficient validation of user-supplied input. An...
Cisco WebEx Sales Center Reflected Cross-Site Scripting Vulnerability
A vulnerability in the administrative page for creating a new product in Cisco WebEx Sales Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi...
Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities
A vulnerability in the web framework of Cisco WebEx Training Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by persuading a user to...
Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability
A vulnerability in the training registration page in Cisco WebEx Training Center could allow an unauthenticated, remote attacker to enumerate email addresses of registered attendees. The vulnerability is due to registration error messages that allow a user to determine that an email address...
Cisco Adaptive Security Appliance Management Connections Denial of Service Vulnerability
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via SSH, Telnet, HTTP, and HTTPS. The vulnerability is due to a memory leak in the connection...
Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
A vulnerability in the Assurance component of Cisco Prime Collaboration could allow an unauthenticated, remote attacker to conduct several cross-site scripting (XSS) attacks against the user of the web interface of the affected system. The vulnerability is due to insufficient validation of user...
Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...
Cisco IOS Software MLDP Denial of Service Vulnerability
A vulnerability in MLDP processing of Cisco IOS Software on Cisco 7600 Series routers could allow an unauthenticated, remote attacker to cause a reload of the affected device, which could lead to a denial of service (DoS) condition. The vulnerability is due to chunk corruption when MLDP and a large...
Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers
The cyber security of many organizations is being attacked at an extremely high rate this month, and another alarming cyber crime report became public today. A widely unpatched, two-year-old critical vulnerability in JBoss Application Server (AS) that enables an attacker to remotely get a shell on a...
JBoss AS Attacks Up Since Exploit Code Disclosed
Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...
Cisco Enterprise License Manager Path Traversal Vulnerability
A vulnerability in the license upload interface of the Cisco Enterprise License Manager (ELM) could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...