unauthorized vulnerabilities and exploits

(subscribe to this query)

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software prior to 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a craft...

Cisco Unified Cdm Application Software Cisco Unified Communications Domain Manager -

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software prior to 4.4.2 has a hardcoded SSH private key, which makes it easier for remote malicious users to obtain access to the support and root accounts by extracting this key from a binary file found in...

Cisco Unified Cdm Platform Software Cisco Unified Communications Domain Manager -

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software prior to 10 does not properly implement access control, which allows remote malicious users to modify user information via a crafted URL, aka Bug ID CS...

Cisco Unified Cdm Application Software Cisco Unified Cdm Application Software 8.1 Cisco Unified Communications Domain Manager -

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local malicious user to inject unauthorized commands. This vulnerability is due ...

Cisco Ucs Central Software Cisco Ucs 6536 Firmware -Cisco Ucs 64108 Firmware -Cisco Ucs 6454 Firmware -Cisco Ucs 6200 Firmware -Cisco Ucs 6248up Firmware -Cisco Ucs 6296up Firmware -Cisco Ucs 6300 Firmware -Cisco Ucs 6324 Firmware -Cisco Ucs 6332 Firmware -Cisco Ucs 6332-16up Firmware -Cisco Firepower Extensible Operating System -

Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."

David Hansson Ruby On Rails

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, wh...

Rubyonrails Rails 1.2.4

utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.

Nukedit Nukedit Nukedit Nukedit 4.9.0 Nukedit Nukedit 4.9.1 Nukedit Nukedit 4.9.2 Nukedit Nukedit 4.9.3

1 EDB exploit

usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.

Phpbb Group Phpbb 2.0.20

1 EDB exploit

Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote malicious users to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.

Openbb Openbb 1.0.0 Rc1 Openbb Openbb 1.0.0 Rc2 Openbb Openbb 1.0.0 Rc3

1 EDB exploit

dialog.php in CONTENTCustomizer 3.1mp and previous versions allows remote malicious users to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other att...

Contentcustomizer Contentcustomizer

1 EDB exploit

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook