Lucene search
+L

264 matches found

osv
osv
added 2016/09/12 10:59 a.m.8 views

CVE-2016-6394

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...

9.1CVSS5.8AI score0.01448EPSS
Exploits0References3
prion
prion
added 2016/09/12 10:59 a.m.19 views

Session fixation

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...

5.8CVSS7.1AI score0.01448EPSS
Exploits0References3Affected Software1
cve
cve
added 2016/09/12 10:0 a.m.50 views

CVE-2016-6394

Cisco Firepower Management Center and FireSIGHT System Software (up to version 6.1.0) suffer a session fixation flaw where the application does not assign a new session identifier after authentication, enabling an attacker to hijack a valid user session. Root cause: insecure session handling in t...

9.1CVSS9AI score0.01448EPSS
Exploits0References3Affected Software1
cve
cve
added 2016/09/12 10:0 a.m.204 views

CVE-2016-6396

Cisco Firepower Management Center and FireSIGHT System Software before 6.1 are affected by CVE-2016-6396. The issue arises from improper validation of HTTP header fields in the malware blocking/detection features, which could allow an unauthenticated, remote attacker to bypass malware detection b...

5.3CVSS5.3AI score0.01244EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2016/09/12 10:0 a.m.22 views

CVE-2016-6394

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503...

9.1AI score0.01448EPSS
Exploits0References3
cve
cve
added 2016/09/12 10:0 a.m.58 views

CVE-2016-6395

Cisco Firepower Management Center and FireSIGHT System Software are affected by CVE-2016-6395; the web-based management interface vulnerability allows remote authenticated users to inject arbitrary script or HTML via a crafted URL (XSS) in versions before 6.1. The issue is associated with Bug ID ...

5.4CVSS5AI score0.01104EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2016/09/12 10:0 a.m.28 views

CVE-2016-6396

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...

5.3AI score0.01244EPSS
Exploits0References3
cnvd
cnvd
added 2016/09/09 12:0 a.m.4 views

Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability

Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A session fixation vulnerability exists in Cisco Firepower Management Center and FireSIGHT System Software, which allows remote attackers to exploit the vulnerability to...

9.1CVSS6.9AI score0.01448EPSS
Exploits0References1
cnvd
cnvd
added 2016/09/09 12:0 a.m.6 views

Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability

Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. Cisco Firepower Management Center and FireSIGHT System Software fail to properly validate fields in HTTP headers, allowing remote attackers to exploit vulnerabilities to...

5.3CVSS7.1AI score0.01244EPSS
Exploits0References1
cnvd
cnvd
added 2016/09/09 12:0 a.m.5 views

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability

Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. A cross-site scripting vulnerability in the web-based management interface of Cisco Firepower Management Center and FireSIGHT System Software allows remote attackers to...

5.4CVSS6.2AI score0.01104EPSS
Exploits0References1
openvas
openvas
added 2016/09/08 12:0 a.m.19 views

Cisco FireSIGHT System Software Session Fixation Vulnerability

A vulnerability in session identification management functionality of the web-based management interface for Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the affected application does not assign a...

9.1CVSS9.2AI score0.01448EPSS
Exploits0References2
openvas
openvas
added 2016/09/08 12:0 a.m.41 views

Cisco FireSIGHT System Software Malware Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. A...

5.3CVSS5.5AI score0.01244EPSS
Exploits0References1
openvas
openvas
added 2016/09/08 12:0 a.m.21 views

Cisco FireSIGHT System Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco FireSIGHT System Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...

5.4CVSS5.4AI score0.01104EPSS
Exploits0References1
cisco
cisco
added 2016/09/07 4:0 p.m.63 views

Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...

5CVSS5.3AI score0.01244EPSS
Exploits0References1
cisco
cisco
added 2016/09/07 4:0 p.m.33 views

Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability

A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session. The vulnerability exists because the...

5.8CVSS9.2AI score0.01448EPSS
Exploits0References1
openvas
openvas
added 2016/07/29 12:0 a.m.14 views

Cisco FireSIGHT Detection (HTTP)

This script performs HTTP based detection of Cisco FireSIGHT Management Center SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.1AI score
Exploits0References1
openvas
openvas
added 2016/07/29 12:0 a.m.20 views

Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability

A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...

7.5CVSS7.6AI score0.02113EPSS
Exploits0References1
nvd
nvd
added 2016/07/28 1:59 a.m.17 views

CVE-2016-1463

Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...

7.5CVSS7.6AI score0.02113EPSS
Exploits0References3
osv
osv
added 2016/07/28 1:59 a.m.4 views

CVE-2016-1463

Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...

7.5CVSS5.8AI score0.02113EPSS
Exploits0References3
prion
prion
added 2016/07/28 1:59 a.m.15 views

Design/Logic Flaw

Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...

5CVSS7.2AI score0.02113EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder