5908 matches found
Directory traversal
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6642
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6636
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6637
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6647
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive...
CVE-2017-6646
CVE-2017-6646 affects Cisco Remote Expert Manager Software web interface (11.0.0). An unauthenticated remote attacker can access sensitive order information by sending crafted HTTP requests because the software does not sufficiently protect sensitive data in HTTP responses. The vulnerability is d...
CVE-2017-6642
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6644
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6647
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive...
CVE-2017-6637
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6635
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 12.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
Cisco Prime Collaboration Provisioning < 12.1 Multiple Vulnerabilities (cisco-sa-20170517-pcp1 - cisco-sa-20170517-pcp3)
According to its self-reported version number, the remote Cisco Prime Collaboration Provisioning server is 9.x, 10.x, 11.x, or 12.x prior to 12.1. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the web interface when handling HTTP...
Disk Pulse Enterprise Server HttpParser Buffer Overflow
A buffer overflow vulnerability has been reported in the web server component of Disk Pulse Enterprise Server. The vulnerability is due to a failure on part of the application to implement proper bounds checking on components found in HTTP requests. A remote, unauthenticated attacker could exploi...
CVE-2017-4014
CVE-2017-4014 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. The vulnerability is described as a session-side hijack in the server, allowing remote authenticated users to view, add, and remove users by modifying HTTP requests. Affected component is the server implementation of NDLP 9.3...
Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and...
Cisco Remote Expert Manager Virtual Directory Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
Cisco Remote Expert Manager Order Information Disclosure Vulnerability
A vulnerability in the web interface of Cisco Remote Expert Manager Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding t...
I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: =4.6 & 4.7 fixed version: 4.8 CVE number: - impact: Critical homepage:...