Lucene search
K

57 matches found

Prion
Prion
added 2018/07/18 11:29 p.m.15 views

Cross site scripting

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...

4.3CVSS6AI score0.0178EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/04/19 8:0 p.m.17 views

CVE-2018-0276

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

6.1AI score0.00918EPSS
Exploits0References2
NVD
NVD
added 2018/01/18 6:29 a.m.20 views

CVE-2017-12308

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

6.1CVSS6.6AI score0.00833EPSS
Exploits0References1
Prion
Prion
added 2017/11/30 9:29 a.m.11 views

Cross site scripting

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

4.3CVSS6AI score0.0122EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/06/22 6:29 p.m.17 views

CVE-2017-1326

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060...

4.3CVSS4.4AI score0.00796EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/02/13 9:0 p.m.22 views

CVE-2016-8369

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request CROSS-SITE REQUEST FORGERY...

8.7AI score0.00641EPSS
Exploits0References2
Hacker One
Hacker One
added 2016/06/21 3:52 p.m.16 views

Internet Bug Bounty: Double Free Corruption in wddx.c (extension)

There are a bug double free occur in wddxdeserialize, which trying to deserialize malicious xml input from user's request. The problem start here in : static void phpwddxpushelementvoid userdata, const XMLChar name, const XMLChar atts ...snip..... else if !strcmpchar name, ELBOOLEAN int i; if att...

7.7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/06/20 12:0 a.m.22 views

Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability

A vulnerability in the HTTP framework of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against an affected device. The vulnerability is due to insufficient filtering of output data. An attacker could exploit this...

6.1CVSS6.2AI score0.00773EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/07/16 2:0 p.m.30 views

CVE-2014-4977

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the 1 selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the 2 userid parameter in the changeUnit function, 3 methodDeta...

8AI score0.74932EPSS
Exploits5References8
OpenVAS
OpenVAS
added 2009/07/26 12:0 a.m.47 views

ZNC Detection (IRC)

IRC based detection ZNC. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100243";...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2009/07/22 12:0 a.m.31 views

Novell Privileged User Manager code execution

It's possible to load dynamic libraries including ones from network shares by user's request...

3.4AI score
Exploits0References1Affected Software1
NVD
NVD
added 2009/03/25 1:30 a.m.23 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

4.9CVSS4.7AI score0.00427EPSS
Exploits0References29
Cvelist
Cvelist
added 2009/03/25 1:0 a.m.32 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAPMKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the rootsquash option...

4.6AI score0.00427EPSS
Exploits0References29
Positive Technologies
Positive Technologies
added 2005/12/05 12:0 a.m.4 views

PT-2005-4743 · Sapid · Sapid Cms

Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue involves multiple unspecified vulnerabilities related to newly registered users and possibly authorization checks. These vulnerabilities have unknown impact and attack vectors,...

10CVSS6.9AI score0.01375EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2004/05/27 12:0 a.m.19 views

Sun Java System Application Server 7.0/8.0 - Remote Installation Full Path Disclosure

source: https://www.securityfocus.com/bid/10424/info It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the application to properly filter user requests. Successful exploitation of this issue may...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/02/02 12:0 a.m.14 views

Crob FTP Server 3.5.1 - Denial of Service

Crob FTP Server 3.5.1 - Denial of Service source: https://www.securityfocus.com/bid/9549/info A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a malformed request a malevolent user may be able to force the server...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2002/02/08 12:0 a.m.23 views

Apple QuickTime 5.0 - Content-Type Remote Buffer Overflow

Apple QuickTime 5.0 - Content-Type Remote Buffer Overflow // source: https://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does no...

7.5AI score
Exploits0
Rows per page
Query Builder