1098 matches found
Cross-site request forgery (CSRF)
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...
CVE-2020-13259
CVE-2020-13259 affects RAD SecFlow-1v os-image SF_0290_2.3.01.26: a CSRF weakness in the web UI allows an unauthenticated attacker to perform actions via a persuaded user, potentially with the user’s privileges. The CVSSv3.1 base score is 8.8 (HIGH); exploit scenario requires user interaction. Th...
Cisco Email Security Appliance (ESA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interfac...
Cisco Content Security Management Appliance (SMA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based...
Cisco Web Security Appliance (WSA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Web Security Appliance (WSA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interface...
CVE-2020-3451 Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information...
CVE-2020-3451
Cisco CVE-2020-3451 affects the Cisco Small Business RV340 Series Routers web-based management interface. Public details (ZDI/Nessus/Cisco advisory) describe a command injection/remote code execution flaw in the upload.cgi handler, caused by improper validation of a user-supplied string used in a...
CVE-2020-3451 Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information...
CVE-2020-3453 Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information...
CVE-2020-3546 Cisco Email Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...
Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-info-disclosure-vMJMMgJ)
According to its self-reported version, Cisco Email Security Appliance (ESA) is affected by an information disclosure vulnerability in the web-based management interface, due to insufficient validation of requests sent to it. An unauthenticated, remote attacker can exploit this, by sending speciall...
Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, s...
Cisco Data Center Network Manager Stored XSS (cisco-sa-dcnm-xss-stored-w4rJZJtO)
According to its self-reported version, Cisco Data Center Network Manager is affected by a vulnerability in the web-based management interface due to insufficient input validation. An authenticated, remote attacker can exploit this, by inserting malicious data into a specific data field in the...
Exploit for Cross-Site Request Forgery (CSRF) in Rad Secflow-1V_Firmware
CVE-2020-13259 PoC of Full Account Takeover on RAD SecFlow-1v...
CVE-2020-3491
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability exists...
CVE-2020-3518
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the...
Cross-site scripting
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface...
CVE-2020-3484 Cisco Vision Dynamic Signage Director Directory Traversal Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacke...
CVE-2020-3490 Cisco Vision Dynamic Signage Director Path Traversal Vulnerability
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability...
CVE-2020-3490
The CVE-2020-3490 issue affects Cisco Vision Dynamic Signage Director. A vulnerability in the web-based management interface allows an authenticated, remote attacker with administrative privileges to perform directory traversal and read files on the underlying OS with root privileges due to impro...