Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-34764: Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

CVE
#xss#vulnerability#web#cisco

Related news

Critical Linux Kernel Bug Allows Remote Takeover

The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.

CVE-2021-34763: Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

SQL injection flaw in billing software app tied to US ransomware infection

BillQuick customers blindsided by recently patched web security flaw

Siemens SCALANCE

This advisory contains mitigations for Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, and Missing Encryption of Sensitive Data vulnerabilities in the Siemens SCALANCE software management platform.

CVE-2021-27665: Johnson Controls exacqVision | CISA

An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause denial-of-service condition.

Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)

The CTM-200 and CTM-ONE are vulnerable to hard-coded credentials within their Linux distribution image. This weakness can lead to the exposure of resources or functionality to unintended actors, providing attackers with sensitive information including executing arbitrary code.

CVE-2021-31605: OpenVPN Monitor 1.1.3 Command Injection ≈ Packet Storm

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

CVE-2020-11084: Build software better, together

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.

CVE-2006-4472: Joomla Content Management System (CMS) - try it! It's free!

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907