259671
|
- |
|
cisco
|
identity_services_engine_software identity_services_engine
|
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspec…
|
CWE-20
Improper Input Validation
|
CVE-2013-5539
|
2013-10-16 23:16 |
2013-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259672
|
- |
|
cisco
|
identity_services_engine_software identity_services_engine
|
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted fi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5541
|
2013-10-16 23:16 |
2013-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259673
|
- |
|
cisco
|
identity_services_engine_software identity_services_engine
|
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many…
|
CWE-399
Resource Management Errors
|
CVE-2013-5540
|
2013-10-16 23:13 |
2013-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259674
|
- |
|
cisco
|
webex_meetings_server
|
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deploym…
|
CWE-20
Improper Input Validation
|
CVE-2013-5529
|
2013-10-16 23:09 |
2013-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259675
|
- |
|
cisco
|
identity_services_engine_software identity_services_engine
|
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5538
|
2013-10-16 23:02 |
2013-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259676
|
- |
|
cisco
|
nx-os
|
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4121
|
2013-10-16 20:26 |
2013-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259677
|
- |
|
real-estate-php-script
|
real_estate_php_script
|
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
|
CWE-89
SQL Injection
|
CVE-2013-5931
|
2013-10-16 03:03 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259678
|
- |
|
knowledgeview
|
knowledgeview_editorial_and_management_application
|
Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-3616
|
2013-10-16 02:56 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259679
|
- |
|
cisco
|
firewall_services_module_software
|
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or mo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5506
|
2013-10-16 02:47 |
2013-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259680
|
- |
|
tenable
|
securitycenter
|
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5911
|
2013-10-16 02:04 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|