Lucene search

5907 matches found

NVD
added 2015/09/04 1:59 a.m. | 22 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

9.4 CVSS | 6.8 AI score | 0.02817 EPSS
Exploits: 0 | References: 2

Prion
added 2015/09/04 1:59 a.m. | 20 views

Code injection

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

9.4 CVSS | 7.3 AI score | 0.02817 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2015/09/04 1:0 a.m. | 62 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

9.4 CVSS | 7 AI score | 0.02817 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/09/04 1:0 a.m. | 26 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

6.8 AI score | 0.02817 EPSS
Exploits: 0 | References: 2

ThreatPost
added 2015/09/03 1:40 p.m. | 8 views

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controller Supervisor and UCS Director software. The...

1.9 AI score
Exploits: 0 | References: 1

Hacker One
added 2015/08/29 8:2 p.m. | 19 views

ownCloud: apps.owncloud.com: Potential XSS

@alaarfaoui reported an issue potentially leading to an XSS vulnerability when an attacker is able to intercept and modify unencrypted HTTP requests. At the request of the reporter, this issue has only been disclosed in limited form. Potential XSS Vulnerability was found. Able to steal the victim's session...

1 AI score
Exploits: 0

Fedora
added 2015/08/27 11:52 p.m. | 39 views

[SECURITY] Fedora 21 Update: php-guzzle-Guzzle-3.9.3-5.fc21

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

6.8 CVSS | 8.7 AI score | 0.09911 EPSS
Exploits: 7

Fedora
added 2015/08/27 6:33 p.m. | 54 views

[SECURITY] Fedora 22 Update: php-guzzle-Guzzle-3.9.3-5.fc22

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

6.8 CVSS | 8.7 AI score | 0.09911 EPSS
Exploits: 7

Fedora
added 2015/08/22 5:43 p.m. | 25 views

[SECURITY] Fedora 23 Update: php-guzzle-Guzzle-3.9.3-5.fc23

Guzzle takes the pain out of sending HTTP requests and the redundancy out of creating web service clients. Guzzle is a framework that includes the tools needed to create a robust web service client, including: Service descriptions for defining the inputs and outputs of an API, resource iterators...

6.8 CVSS | 8.7 AI score | 0.09911 EPSS
Exploits: 7

Packet Storm
added 2015/08/22 12:0 a.m. | 36 views

up.time 7.5.0 Cross Site Request Forgery / Cross Site Scripting

up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application allows users to perform certain actions via HTTP...

0.3 AI score
Exploits: 0

Prion
added 2015/08/20 10:59 a.m. | 15 views

Input validation

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796...

6.5 CVSS | 7.7 AI score | 0.02286 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2015/08/20 10:0 a.m. | 22 views

CVE-2015-4329

The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796...

7.2 AI score | 0.02286 EPSS
Exploits: 0 | References: 3

CVE
added 2015/08/20 10:0 a.m. | 59 views

CVE-2015-4329

The Cisco TelePresence Video Communication Server (Expressway) admin web interface (VCS X8.5.2) is affected by CVE-2015-4329 due to insufficient input validation. An authenticated, remote attacker can craft HTTP requests to execute arbitrary OS commands on the underlying device, with potential pr...

6.5 CVSS | 7.4 AI score | 0.02286 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2015/08/20 12:59 a.m. | 26 views

CVE-2015-4328

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

4 CVSS | 7.2 AI score | 0.01983 EPSS
Exploits: 0 | References: 3

Cvelist
added 2015/08/20 12:0 a.m. | 23 views

CVE-2015-4328

Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

7.2 AI score | 0.01983 EPSS
Exploits: 0 | References: 3

CNVD
added 2015/08/20 12:0 a.m. | 2 views

Cisco TelePresence Video Communication Server Expressway Arbitrary Command Execution Vulnerability

Cisco TelePresence Video Communication Server (VCS) Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...

4 CVSS | 7.4 AI score | 0.01983 EPSS
Exploits: 0 | References: 1

0day.today
added 2015/08/20 12:0 a.m. | 29 views

up.time 7.5.0 XSS And CSRF Add Admin Exploit

Exploit for php platform in category web applications up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application...

7.1 AI score
Exploits: 0

exploitpack
added 2015/08/19 12:0 a.m. | 27 views

up.time 7.5.0 - Cross-Site Scripting Cross-Site Request Forgery (Add Admin)

up.time 7.5.0 - Cross-Site Scripting Cross-Site Request Forgery Add Admin up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software...

0.8 AI score
Exploits: 0

Zero Science Lab
added 2015/08/19 12:0 a.m. | 38 views

up.time 7.5.0 XSS And CSRF Add Admin Exploit

Summary The next-generation of IT monitoring software. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-i...

6 AI score
Exploits: 0

Exploit DB
added 2015/08/19 12:0 a.m. | 39 views

up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)

up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application allows users to perform certain actions via HTTP...

7.4 AI score
Exploits: 0