63 matches found
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability (cisco-sa-20170419-cimc1)
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
Cisco Integrated Management Controller User Session Hijacking Vulnerability (cisco-sa-20170419-cimc2)
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a persistent cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successf...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...
Cisco Integrated Management Controller User Session Hijacking Vulnerability
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software do...
Cisco Integrated Management Controller Remote Code Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specifi...
Cisco UCS Director Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...
Privilege escalation
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...
CVE-2017-3801
Cisco UCS Director privilege escalation (CVE-2017-3801) affects the web-based GUI in Cisco UCS Director 6.0.0.0 and 6.0.0.1. The root cause is improper RBAC after enabling the Developer Menu, enabling an authenticated, local user with an end-user profile to add catalogs containing arbitrary workf...
Moderate: Red Hat Security Advisory: tfm-rubygem-fusor_ui security update
An update for tfm-rubygem-fusorui is now available for Red Hat QCI 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Cisco Patches Authentication Bypass in Cisco Prime Home
Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...
CVE-2017-3791
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...
Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...
Cisco Cloud Services Platform 2.x < 2.1.0 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Cloud Services Platform CSP device is 2.x prior to 2.1.0. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in the web-based GUI due to improper sanitization of user-supplied...
CVE-2016-6373
Cisco Cloud Services Platform (CSP) 2100 web GUI vulnerability (CVE-2016-6373) affects CSP2100 2100 series running 2.0 and 2.x prior to 2.1.0. An authenticated remote attacker can inject commands via crafted platform requests to execute arbitrary OS commands with root privileges. The issue stems ...
Cisco Cloud Services Platform 2100 Command Injection Vulnerability
A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplie...
FreePBX 13.0.35 Remote Code Execution
Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : Ahmed sultan 0x4148 Email : [email protected] Summary : FreePBX is a web-based open source GUI graphical user interface that controls and manages Asterisk PBX, an open source communication server, With over 1...
Cisco Small Business 500 Series Switches Denial of Service Vulnerability
A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...
SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...