57 matches found
Cross site scripting
A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...
CVE-2018-0276
A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...
CVE-2017-12308
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...
Cross site scripting
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
CVE-2017-1326
IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060...
CVE-2016-8369
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request CROSS-SITE REQUEST FORGERY...
Internet Bug Bounty: Double Free Corruption in wddx.c (extension)
There are a bug double free occur in wddxdeserialize, which trying to deserialize malicious xml input from user's request. The problem start here in : static void phpwddxpushelementvoid userdata, const XMLChar name, const XMLChar atts ...snip..... else if !strcmpchar name, ELBOOLEAN int i; if att...
Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against an affected device. The vulnerability is due to insufficient filtering of output data. An attacker could exploit this...
CVE-2014-4977
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...
ZNC Detection (IRC)
IRC based detection ZNC. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100243";...
Novell Privileged User Manager code execution
It's possible to load dynamic libraries including ones from network shares by user's request...
CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...
CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...
PT-2005-4743 · Sapid · Sapid Cms
Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue involves multiple unspecified vulnerabilities related to newly registered users and possibly authorization checks. These vulnerabilities have unknown impact and attack vectors,...
Sun Java System Application Server 7.0/8.0 - Remote Installation Full Path Disclosure
source: https://www.securityfocus.com/bid/10424/info It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests. Successful exploitation of this issue may...
Crob FTP Server 3.5.1 - Denial of Service
Crob FTP Server 3.5.1 - Denial of Service source: https://www.securityfocus.com/bid/9549/info A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a malformed request a malevolent user may be able to force the server...
Apple QuickTime 5.0 - Content-Type Remote Buffer Overflow
Apple QuickTime 5.0 - Content-Type Remote Buffer Overflow // source: https://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does no...