Lucene search
+L

1022 matches found

OSV
OSV
added 2018/04/19 8:29 p.m.4 views

CVE-2018-0266

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...

4.3CVSS5.8AI score0.01756EPSS
Exploits0References3
CNVD
CNVD
added 2018/04/03 12:0 a.m.4 views

Cisco IOS XE Software Cross-Site Scripting Vulnerability (CNVD-2018-07636)

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the Web UI of Cisco IOS XE Software, which arises from the program's failure to adequately perform input validation on parameters sent to the affected software v...

6.1CVSS6.7AI score0.00918EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/08 12:0 a.m.5 views

User Forgery Vulnerability in Multiple Belden Hirschmann Switch Products

Belden Hirschmann RS, etc. are switch products of Belden USA. A security vulnerability exists in the web interface in several Belden Hirschmann switch products. An attacker could exploit the vulnerability to spoof legitimate users...

6.5CVSS6.8AI score0.01306EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/08 12:0 a.m.5 views

Man-in-the-middle attack vulnerability in multiple Belden Hirschmann switch products (CNVD-2018-04783)

Belden Hirschmann RS, etc. are switch products of Belden USA. A security vulnerability exists in the web interface of several Belden Hirschmann switch products. An attacker could exploit this vulnerability to obtain sensitive information by performing a man-in-the-middle attack...

6.5CVSS6.4AI score0.0045EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/08 12:0 a.m.6 views

Polycom QDX 6000 Cross-Site Request Forgery Vulnerability

Polycom QDX 6000 devices is a video conferencing endpoint device from Polycom, Inc.Web application interface is one of the Web application interfaces. A cross-site request forgery vulnerability exists in the web application interface in Polycom QDX 6000 devices. A remote attacker could use this...

8.8CVSS7AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2018/03/06 9:29 p.m.20 views

CVE-2018-5469

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified,...

9.8CVSS9.7AI score0.02894EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/01 12:0 a.m.5 views

Parallels Remote Application Server Path Traversal Vulnerability

Parallels Remote Application Server RAS is a suite of virtual application and desktop delivery solutions from Parallels, Inc. in the United States. The solution provides remote access to virtual desktops and applications for devices on the network. A security vulnerability exists in the web...

7.5CVSS7AI score0.02015EPSS
Exploits5References1
CNVD
CNVD
added 2018/02/26 12:0 a.m.8 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2018-05306)

Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco DCAF application, which stems from the program's failure to...

6.1CVSS6.6AI score0.00885EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/05 12:0 a.m.5 views

Extreme Networks ExtremeWireless WiNG Denial of Service Vulnerability (CNVD-2018-03323)

Extreme Networks ExtremeWireless WiNG is a wireless access solution from Extreme Networks.WiNG Access Point AP is one of the wireless access points.Controller is the wireless controller.Web User Interface is one of the web management interfaces. The WiNG Access Point AP is a wireless access point...

7.5CVSS6.7AI score0.01065EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/19 12:0 a.m.4 views

TP-Link TL-WVR and TL-WAR arbitrary command execution vulnerability (CNVD-2018-01233)

TP-Link TL-WVR and TL-WAR are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WVR and TL-WAR. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/dhcps command with shell metacharacters ...

9CVSS7.8AI score0.02644EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.7 views

The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.

The vulnerability in the Cisco Prime Home system’s web interface exists due to deficiencies in the authentication process related to role-based access control RBAC errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...

10CVSS7.9AI score0.04107EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/11/21 12:0 a.m.5 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34810)

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...

6.1CVSS6.6AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2017/10/19 8:29 a.m.3 views

CVE-2017-12285

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...

5.3CVSS5.9AI score0.37192EPSS
Exploits0References3
Cisco
Cisco
added 2017/10/18 4:0 p.m.52 views

Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/10/17 12:0 a.m.6 views

The vulnerability in the web interface of the Kaspersky Anti-Virus for Linux File Server allows a malicious actor to send authenticated requests.

The vulnerability of the Kaspersky Anti-Virus for Linux File Server web interface is related to the absence of Anti-CSRF tokens in all forms of the interface. Exploiting this vulnerability allows a malicious actor to send authenticated requests during the time when the authenticated user is viewi...

6.8CVSS7.6AI score0.01932EPSS
Exploits5References6Affected Software1
CNVD
CNVD
added 2017/09/27 12:0 a.m.5 views

HPE System Management Homepage Authentication Bypass Vulnerability

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. A security vulnerability exists in HPE System Management Homepage that allows an attacker to submit a special request to bypass authentication and gain unauthorized access...

5.6CVSS6.1AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/09/21 12:0 a.m.7 views

PT-2017-12430 · Cisco · Cisco Unified Intelligence Center

Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center affected versions not specified Description: A vulnerability in the web interface could allow an unauthenticated, remote attacker to perform a Document Object Model DOM-based cross-site scripting attack. This...

6.1CVSS6.4AI score0.02336EPSS
Exploits0References5
CNVD
CNVD
added 2017/09/08 12:0 a.m.5 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface in Cisco Firepower Management Center, which results from the program failing to...

6.1CVSS6.3AI score0.00868EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/08 12:0 a.m.7 views

Cisco SocialMiner XML External Entity Injection Vulnerability

Cisco SocialMiner is the United States Cisco Cisco a social media call center solution. The solution supports social media monitoring and analytics. An XML external entity injection vulnerability exists in the web-based user interface of Cisco SocialMiner, which arises from the program's failure ...

8.8CVSS9AI score0.02916EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/24 12:0 a.m.5 views

Cisco AsyncOS Software Command Injection Vulnerability

The Cisco AsyncOS operating system is available to enhance the security and performance of Cisco email security appliances. A security vulnerability exists in the web interface of the Cisco Web Security Appliance WSA. an authenticated remote attacker performs command injection to elevate privileg...

9CVSS7.5AI score0.04397EPSS
Exploits0References1
Rows per page
Query Builder