EUVD-2018-0505

Malware in sbrugna...

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

Cisco Identity Services Engine Arbitrary File Upload (cisco-sa-ise-file-upload-krW2TxA9)

According to its self-reported version, Cisco Identity Services Engine Arbitrary File Upload is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an...

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

PT-2024-18642 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to upload arbitrary files to an affected device. The attacker...

CVE-2023-20030 Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery SSRF attack through an affected device, or negatively impact the responsiveness of the...

CVE-2023-20030

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery SSRF attack through an affected device, or negatively impact the responsiveness of the...

Cisco Identity Services Engine XML External Entity Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery SSRF attack through an affected device, or negatively impact the responsiveness of the...

GHSA-83M2-9G78-RRJ4 Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

Apache Ranger Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header...

Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs...

Apache Ranger allows users to bypass intended access restrictions via the REST API

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API...

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...

GHSA-RF7Q-XQM3-6923 Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...

GHSA-4RJF-MXFM-98H5 SQL injection vulnerability in the policy admin tool in Apache Ranger

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...

SQL injection vulnerability in the policy admin tool in Apache Ranger

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...

Cross site scripting

Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...

CVE-2016-5395

CVE-2016-5395 is a cross-site scripting (XSS) vulnerability in Apache Ranger’s policy admin create-user function, exploitable by remote authenticated administrators to inject script or HTML via policy-related vectors. Affected product: Apache Ranger (prior to 0.6.1). Root cause: insufficient inpu...

CVE-2016-2174

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...

Sql injection

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime...