Lucene search
K

63 matches found

OpenVAS
OpenVAS
added 2017/04/20 12:0 a.m.14 views

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability (cisco-sa-20170419-cimc1)

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

5.4CVSS5.4AI score0.00928EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/04/20 12:0 a.m.27 views

Cisco Integrated Management Controller User Session Hijacking Vulnerability (cisco-sa-20170419-cimc2)

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

5.4CVSS5.6AI score0.00967EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/19 4:0 p.m.26 views

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to perform a persistent cross-site scripting XSS attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. A successf...

6.1CVSS5.4AI score0.00928EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/19 4:0 p.m.39 views

Cisco Integrated Management Controller Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerabili...

8.8CVSS8.6AI score0.0264EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/19 4:0 p.m.25 views

Cisco Integrated Management Controller User Session Hijacking Vulnerability

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software do...

4.3CVSS5.4AI score0.00967EPSS
Exploits0References1
Cisco
Cisco
added 2017/04/19 4:0 p.m.23 views

Cisco Integrated Management Controller Remote Code Execution Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specifi...

9.8CVSS9AI score0.04241EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/02/16 12:0 a.m.24 views

Cisco UCS Director Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

8.8CVSS8.8AI score0.00333EPSS
Exploits0References1
Prion
Prion
added 2017/02/15 8:59 p.m.21 views

Privilege escalation

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...

4.6CVSS8.7AI score0.00333EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/02/15 8:0 p.m.61 views

CVE-2017-3801

Cisco UCS Director privilege escalation (CVE-2017-3801) affects the web-based GUI in Cisco UCS Director 6.0.0.0 and 6.0.0.1. The root cause is improper RBAC after enabling the Developer Menu, enabling an authenticated, local user with an end-user profile to add catalogs containing arbitrary workf...

8.8CVSS8.8AI score0.00333EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2017/02/06 8:27 p.m.46 views

Moderate: Red Hat Security Advisory: tfm-rubygem-fusor_ui security update

An update for tfm-rubygem-fusorui is now available for Red Hat QCI 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

4.6CVSS5.8AI score0.00416EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/02/03 10:23 a.m.28 views

Cisco Patches Authentication Bypass in Cisco Prime Home

Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...

10CVSS1AI score0.02702EPSS
Exploits0References5
Cvelist
Cvelist
added 2017/02/01 7:0 p.m.19 views

CVE-2017-3791

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

10AI score0.04107EPSS
Exploits0References2
Cisco
Cisco
added 2017/02/01 4:0 p.m.25 views

Cisco Prime Home Authentication Bypass Vulnerability

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control RBAC of URLs. An attacker could...

10CVSS9.9AI score0.04107EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/10/13 12:0 a.m.20 views

Cisco Cloud Services Platform 2.x < 2.1.0 Multiple Vulnerabilities

According to its self-reported version number, the remote Cisco Cloud Services Platform CSP device is 2.x prior to 2.1.0. It is, therefore, affected by the following vulnerabilities : - A command injection vulnerability exists in the web-based GUI due to improper sanitization of user-supplied...

9.8CVSS8.6AI score0.03687EPSS
Exploits0References6
CVE
CVE
added 2016/09/22 10:0 p.m.43 views

CVE-2016-6373

Cisco Cloud Services Platform (CSP) 2100 web GUI vulnerability (CVE-2016-6373) affects CSP2100 2100 series running 2.0 and 2.x prior to 2.1.0. An authenticated remote attacker can inject commands via crafted platform requests to execute arbitrary OS commands with root privileges. The issue stems ...

9CVSS7.1AI score0.02414EPSS
Exploits0References3Affected Software1
Cisco
Cisco
added 2016/09/21 4:0 p.m.26 views

Cisco Cloud Services Platform 2100 Command Injection Vulnerability

A vulnerability in the web-based GUI of the Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient sanitization of user-supplie...

9CVSS7.6AI score0.02414EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2016/08/25 12:0 a.m.46 views

FreePBX 13.0.35 Remote Code Execution

Vulnerable software : Freepbx Tested version : 13.0.35 vendor : freepbx.org Author : Ahmed sultan 0x4148 Email : [email protected] Summary : FreePBX is a web-based open source GUI graphical user interface that controls and manages Asterisk PBX, an open source communication server, With over 1...

7.4AI score
Exploits0
Cisco
Cisco
added 2016/01/28 9:0 p.m.42 views

Cisco Small Business 500 Series Switches Denial of Service Vulnerability

A vulnerability in the web-based GUI of the Cisco Small Business 500 Series Stackable Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient handling of HTTP requests. An attacker...

5.4CVSS7.5AI score0.01347EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2014/12/22 12:0 a.m.32 views

SmoothWall 3.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: SmoothWall 3.1 Multiple vulnerabilities Date: 21/12/2014 Author: Yann CAM @ Synetis Vendor or Software Link: www.smoothwall.org - www.smoothwall.org/download/ Version: 3.1 Category: CSRF password reset & XSS persistent Google dork: Tested on: Smoothwall Linux distribution Smoothwal...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2012/12/11 12:0 a.m.100 views

Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework

Advisory ID: HTB23127 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: 0.1.3, 0.1.4 and probably prior Tested Versions: 0.1.3, 0.1.4 Vendor Notification: November 19, 2012 Public Disclosure: December 10, 2012 Vulnerability Type: OS Command Injection CWE-78...

6.8CVSS0.6AI score0.09296EPSS
Exploits5
Rows per page
Query Builder