34 matches found
EUVD-2026-32674
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...
EUVD-2014-3311
Malware in sbrugna...
EUVD-2014-0725
Malware in sbrugna...
Unpacking Qualys Agentic AI: Technical Insights into Its Architecture and Capabilities
Agentic AI revolutionizes how enterprise organizations leverage artificial intelligence by introducing systems designed to function as autonomous agents capable of planning, decision-making, and executing complex workflows with minimal human oversight. Unlike traditional AI, which often performs...
Security, Uninterrupted: Inside Qualys’ Zero-Touch Security Vision with Qualys Cloud Agent
New Feature: Remote Log Collection for Seamless Troubleshooting and Analysis In the modern enterprise, where resilience and scale are non-negotiable, the margin for error in cybersecurity has all but disappeared. Yet the tools available to security teams remain tethered to legacy...
Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint
We are happy to announce that Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating States, Local...
Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus?
2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs Chief Information Security Officers have had to grapple with the challenges of bolstering the security...
Executing on the vision of Microsoft Threat Protection
Over the last several months, we’ve provided regular updates on the rapid progress we’re making with Microsoft Threat Protection, which enables your organization to: Protect your assets with identity-driven security and powerful conditional access policies which ensure your assets are secured fro...
CVE-2014-3352
CVE-2014-3352 affects Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) 2008.3_SP9 and earlier. The root cause is improper handling of certain NULL sessions, leading to an information disclosure via crafted packets (the so-called iFrame vulnerability, Bug CSCuh84801). An unauthenticated...
CVE-2014-3352
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
Cisco Intelligent Automation for Cloud iFrame Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...
Cisco Intelligent Automation for Cloud URL Redirection Vulnerability
A vulnerability in the URL redirection of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to obtain sensitive information. The vulnerability is due to improper sanitization of redirect URLs. An attacker could exploit this vulnerability by submitting crafted...
Cisco Intelligent Automation for Cloud Arbitrary File Upload Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to upload arbitrary files. The vulnerability is due to insufficient input validation of a file type. An attacker could exploit this vulnerability by submitting a crafted file to an affected...
Cisco Intelligent Automation for Cloud Enumeration Vulnerability
A vulnerability in Cisco Intelligent Automation for Cloud could allow an unauthenticated, remote attacker to view sensitive information. The vulnerability is due to a failure to properly check for certain NULL sessions. An attacker could exploit this vulnerability by submitting crafted packets to...
CVE-2014-3350
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870...
CVE-2014-3350
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870...
Session fixation
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, aka Bug IDs CSCuh87398 and CSCuh87380...
Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability
A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...
Cisco Intelligent Automation for Cloud MyServices Vulnerabilities
A vulnerability in the MyServices action of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing...
CVE-2014-3298
Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...