644 matches found
CVE-2017-12358
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient...
CVE-2017-12354
The CVE-2017-12354 issue affects Cisco Secure Access Control System (ACS) web-based interface, where an unauthenticated, remote attacker can view sensitive system software version information. Root cause: the software does not adequately protect version information in responses to HTTP requests. ...
CVE-2017-12354
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...
HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33362)
HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...
HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33367)
HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
CVE-2017-6761
A vulnerability in the web-based management interface of Cisco Finesse 10.61 and 11.51 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...
CVE-2017-6764
The CVE-2017-6764 issue affects Cisco ASA 9.5(1) web-based management: an authenticated, remote attacker can trigger a cross-site scripting (XSS) vulnerability by persuading a user to click a crafted link. The root cause is insufficient validation of user-supplied input in the ASA web interface, ...
Cisco Web Security Appliance Multiple Vulnerabilities
According to its self-reported version, the remote Cisco Web Security Appliance (WSA) device is affected by one or more vulnerabilities: - An unspecified flaw exists in the web-based interface due to improper validation of user-supplied input. An authenticated, remote attacker who has valid...
CVE-2017-1000030
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to a Java Key Store password disclosure vulnerability, which makes it possible for an unauthenticated attacker to obtain the plain text password of the administrative user and gain access to the web-based administration interface...
Debian DLA-1019-1 : phpldapadmin security update
It was discovered that there was a cross-site scripting (XSS) vulnerability in phpldapadmin, a web-based interface for administering LDAP servers. For Debian 7 'Wheezy', this issue has been fixed in phpldapadmin version 1.2.2-5+deb7u1. We recommend that you upgrade your phpldapadmin packages. NOTE:...
CVE-2017-6700
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a us...
CVE-2017-6700
CVE-2017-6700 is a DOM-based XSS vulnerability in Cisco Prime Infrastructure (PI) and EPNM web interfaces. An unauthenticated, remote attacker could lure a user to click a crafted link, causing arbitrary script execution in the user’s browser context. Affected releases include PI/EPNM 3.1(1) and ...
Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system, as well as the ability to perform remote code execution. The attacker mu...
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability
Summary: An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the “msmtprc” configuration file resulting...
Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an...
CVE-2017-6654
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilit...
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source...
ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications CVE-2017-6086 Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Product Description ViMbAdmin is a web-based interface used to manage a mail server with virtual domains, mailboxes and aliases. It is an open source solution developed by...