CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.
• http://www.securityfocus.com/bid/100653
• http://www.securitytracker.com/id/1039287
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
• http://www.securityfocus.com/bid/94800
• http://www.securitytracker.com/id/1037426
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14).
• http://www.securityfocus.com/bid/94786
• http://www.securitytracker.com/id/1037428
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-cers
• http://www.securityfocus.com/bid/78812
• http://www.securitytracker.com/id/1034385
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
• http://www.securityfocus.com/bid/78878
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')