6 matches found
CVE-2017-9805
CVE-2017-9805 affects the Apache Struts 2 REST plugin. The REST plugin uses an XStreamHandler with an XStream instance to deserialize XML without any type filtering, enabling remote code execution when processing crafted XML payloads. Affected versions are Struts 2.1.1–2.3.x before 2.3.34 and 2.5...
CVE-2010-0570
CVE-2010-0570 affects Cisco Digital Media Manager (DMM) versions 5.0.x and 5.1.x. The issue is default credentials for the Tomcat administration account, enabling an attacker to gain full control over the web applications and potentially execute arbitrary code via a crafted web request. The Cisco...
CVE-2012-0329
CVE-2012-0329 affects Cisco Digital Media Manager (DMM) versions prior to or including 5.2.3. The vulnerability arises from improper validation of unreferenced URLs, allowing a remote, authenticated attacker to access administrative resources and execute arbitrary code. Impact is privilege escala...
CVE-2010-0572
Cisco DMM (Digital Media Manager) vulnerable before 5.2: remote authenticated users can reveal Cisco Digital Media Player credentials via error log or stack trace leakage (Bug ID CSCtc46050). The issue affects DMM versions earlier than 5.2, enabling credential disclosure through error logging and...
CVE-2010-0571
CVE-2010-0571 affects Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x. The issue is a privilege-escalation vulnerability that, when exploited via the web interface by remote authenticated users, can grant elevated privileges and lead to arbitrary code execution. The Cisco advisory notes the vul...
CVE-2013-3446
Cisco Digital Media Manager (DMM) is affected by CVE-2013-3446: an open redirect in the DMM login page could allow an unauthenticated, remote attacker to redirect users to an arbitrary external URL, potentially enabling phishing. The issue stems from an open redirect vulnerability in the login fl...