
18 matches found

RedhatCVE
added 2024/02/13 6:30 p.m., 28 views

CVE-2024-21386

A denial of service vulnerability is present in the .NET applications utilizing SignalR, which a malicious client can exploit. The issue arises from inadequate validation of user-supplied input in .NET. This flaw allows a remote attacker to trigger a denial of service (DoS) attack by providing...

CVSS 7.5, AI score 7.1, EPSS 0.02393
Exploits: 0, References: 3
NVD
added 2023/04/05 3:15 p.m., 13 views

CVE-2023-20021

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid...

CVSS 6.7, AI score 6.6, EPSS 0.0031
Exploits: 0, References: 1
NVD
added 2022/11/15 9:15 p.m., 11 views

CVE-2022-20831

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVSS 4.8, EPSS 0.0019
Exploits: 0, References: 1
NVD
added 2022/05/04 5:15 p.m., 13 views

CVE-2022-20801

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to...

CVSS 9, EPSS 0.00865
Exploits: 0, References: 1
Tenable Nessus
added 2021/11/30 12:0 a.m., 34 views

Liferay Portal 7.3.2 < 7.3.6 XSS

Liferay Portal 7.3.2 prior to 7.3.6 is affected by a cross-site scripting (XSS) vulnerability in its redirect module component due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a...

CVSS 6.1, AI score 6.4, EPSS 0.00278
Exploits: 0, References: 2
Prion
added 2021/11/19 12:15 a.m., 10 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVSS 3.5, AI score 5.4, EPSS 0.00208
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2021/01/13 10:15 p.m., 16 views

CVE-2021-1214

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVSS 9, AI score 7.3, EPSS 0.00435
Exploits: 0, References: 1
NVD
added 2021/01/13 10:15 p.m., 12 views

CVE-2021-1202

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVSS 9, AI score 7.3, EPSS 0.00435
Exploits: 0, References: 1
Prion
added 2019/10/16 7:15 p.m., 16 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

CVSS 4.3, AI score 6, EPSS 0.00309
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/10/16 6:36 p.m., 12 views

CVE-2019-15240 Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...

CVSS 8, AI score 8.1, EPSS 0.00255
Exploits: 0, References: 1
Vulnrichment
added 2019/10/02 7:6 p.m., 8 views

CVE-2019-12695 Cisco Adaptive Security Appliance and Firepower Threat Defense Software WebVPN Cross-Site Scripting Vulnerability

A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an...

CVSS 6.1, AI score 6.3, EPSS 0.00148
Exploits: 0, References: 1
Vulnrichment
added 2018/03/08 7:0 a.m., 7 views

CVE-2018-0144

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

AI score 6, EPSS 0.00332
Exploits: 0, References: 3
CVE
added 2017/11/16 7:0 a.m., 44 views

CVE-2017-12291

The CVE-2017-12291 issue affects Cisco’s Cloud-based Cisco Registered Envelope Service web interface. The vulnerability set stems from insufficient validation of user-supplied input in the web-based management UI, enabling an unauthenticated, remote attacker to perform cross-site scripting (XSS) ...

CVSS 6.1, AI score 6.1, EPSS 0.00164
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2015/09/22 12:0 a.m., 44 views

Adobe AIR <= 18.0.0.199 Multiple Vulnerabilities (APSB15-23)

The version of Adobe AIR installed on the remote Windows host is equal or prior to version 18.0.0.199. It is, therefore, affected by multiple vulnerabilities:
- An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. (CVE-2015-5567, CVE-2015-5579)
- A...

CVSS 10, AI score 7, EPSS 0.71007
Exploits: 5, References: 24
Saint
added 2014/10/10 12:0 a.m., 28 views

Kolibri WebServer HTTP POST Request Handling Remote Stack Buffer Overflow

Added: 10/10/2014
CVE: CVE-2014-5289
BID: 69263
OSVDB: 110142
Background: SENKAS Kolibri Webserver is a free very simple web server for Microsoft Windows that supports serving static web content.
Problem: Kolibri Webserver is vulnerable to a stack buffer overflow as a result of failure to properly...

CVSS 5.8, AI score 9.7, EPSS 0.23218
Exploits: 13
exploitpack
added 2014/06/08 12:0 a.m., 11 views

WordPress Theme Infocus - infocuslibscriptsdl-skin.php Local File Disclosure

WordPress Theme Infocus - infocuslibscriptsdl-skin.php Local File Disclosure source: https://www.securityfocus.com/bid/67934/info The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this...

AI score 7.4
Exploits: 0
exploitpack
added 2011/10/01 12:0 a.m., 15 views

ezCourses - admin.asp Security Bypass

ezCourses - admin.asp Security Bypass source: https://www.securityfocus.com/bid/49907/info ezCourses is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input. Attackers could exploit the issue to bypass certain security restrictions and add or change t...

AI score 7.4
Exploits: 0
OpenVAS
added 2009/10/08 12:0 a.m., 9 views

Xlpd Remote Denial of Service Vulnerability

Xlpd is prone to a denial-of-service vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary...

AI score 0.1
Exploits: 0, References: 3