1022 matches found
CVE-2018-0266
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsin...
Cisco IOS XE Software Cross-Site Scripting Vulnerability (CNVD-2018-07636)
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the Web UI of Cisco IOS XE Software, which arises from the program's failure to adequately perform input validation on parameters sent to the affected software v...
User Forgery Vulnerability in Multiple Belden Hirschmann Switch Products
Belden Hirschmann RS, etc. are switch products of Belden USA. A security vulnerability exists in the web interface in several Belden Hirschmann switch products. An attacker could exploit the vulnerability to spoof legitimate users...
Man-in-the-middle attack vulnerability in multiple Belden Hirschmann switch products (CNVD-2018-04783)
Belden Hirschmann RS, etc. are switch products of Belden USA. A security vulnerability exists in the web interface of several Belden Hirschmann switch products. An attacker could exploit this vulnerability to obtain sensitive information by performing a man-in-the-middle attack...
Polycom QDX 6000 Cross-Site Request Forgery Vulnerability
Polycom QDX 6000 devices is a video conferencing endpoint device from Polycom, Inc.Web application interface is one of the Web application interfaces. A cross-site request forgery vulnerability exists in the web application interface in Polycom QDX 6000 devices. A remote attacker could use this...
CVE-2018-5469
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified,...
Parallels Remote Application Server Path Traversal Vulnerability
Parallels Remote Application Server RAS is a suite of virtual application and desktop delivery solutions from Parallels, Inc. in the United States. The solution provides remote access to virtual desktops and applications for devices on the network. A security vulnerability exists in the web...
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2018-05306)
Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco DCAF application, which stems from the program's failure to...
Extreme Networks ExtremeWireless WiNG Denial of Service Vulnerability (CNVD-2018-03323)
Extreme Networks ExtremeWireless WiNG is a wireless access solution from Extreme Networks.WiNG Access Point AP is one of the wireless access points.Controller is the wireless controller.Web User Interface is one of the web management interfaces. The WiNG Access Point AP is a wireless access point...
TP-Link TL-WVR and TL-WAR arbitrary command execution vulnerability (CNVD-2018-01233)
TP-Link TL-WVR and TL-WAR are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WVR and TL-WAR. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/dhcps command with shell metacharacters ...
The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.
The vulnerability in the Cisco Prime Home system’s web interface exists due to deficiencies in the authentication process related to role-based access control RBAC errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34810)
Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...
CVE-2017-12285
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...
Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...
The vulnerability in the web interface of the Kaspersky Anti-Virus for Linux File Server allows a malicious actor to send authenticated requests.
The vulnerability of the Kaspersky Anti-Virus for Linux File Server web interface is related to the absence of Anti-CSRF tokens in all forms of the interface. Exploiting this vulnerability allows a malicious actor to send authenticated requests during the time when the authenticated user is viewi...
HPE System Management Homepage Authentication Bypass Vulnerability
HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. A security vulnerability exists in HPE System Management Homepage that allows an attacker to submit a special request to bypass authentication and gain unauthorized access...
PT-2017-12430 · Cisco · Cisco Unified Intelligence Center
Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center affected versions not specified Description: A vulnerability in the web interface could allow an unauthenticated, remote attacker to perform a Document Object Model DOM-based cross-site scripting attack. This...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface in Cisco Firepower Management Center, which results from the program failing to...
Cisco SocialMiner XML External Entity Injection Vulnerability
Cisco SocialMiner is the United States Cisco Cisco a social media call center solution. The solution supports social media monitoring and analytics. An XML external entity injection vulnerability exists in the web-based user interface of Cisco SocialMiner, which arises from the program's failure ...
Cisco AsyncOS Software Command Injection Vulnerability
The Cisco AsyncOS operating system is available to enhance the security and performance of Cisco email security appliances. A security vulnerability exists in the web interface of the Cisco Web Security Appliance WSA. an authenticated remote attacker performs command injection to elevate privileg...