5909 matches found
Authentication flaw
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...
CVE-2019-1938 Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...
Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is...
Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure
Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before...
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit) Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net...
CVE-2019-14255
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints...
Server side request forgery (ssrf)
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints...
CVE-2019-14255
The CVE-2019-14255 entry concerns go-camo
Low: Red Hat Security Advisory: python-requests security update
An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Date: 01.08.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain...
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests withou...
Cisco Catalyst 3850 Series Device Manager 3.6.10E Cross Site Request Forgery
Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Date: 01.08.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com CVE: CVE-2019-12624 Description : The applicatio...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Product : Cisco Wireless Controller Version : 3.6.10E last version Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com Description : The application interface allows users to perform certa...
Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery
Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com CVE: CVE-2019-12624 Description : The application interface allows users to perform certain actions via HTTP...
Cisco Wireless Controller 3.6.10E Cross Site Request Forgery
Product : Cisco Wireless Controller Version : 3.6.10E last version Date: 23.07.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Mehmet Önder Key Website: htts://cloudvist.com Description : The application interface allows users to perform certain actions via HTTP requests without...
CVE-2018-17210
An issue was discovered in PrinterOn Central Print Services CPS through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass...
CVE-2019-1917 Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...