Page 4 of 32 results (0.000 seconds)

CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0

CVE-2016-6443

https://notcve.org/view.php?id=CVE-2016-6443

27 Oct 2016 — A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Una vulnerabilidad en Cisco Prime Infrastructure y en la interfaz de la base de datos SQL de Evolved Programmable Network Manager pod... • http://www.securityfocus.com/bid/93522 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2016-1408

https://notcve.org/view.php?id=CVE-2016-1408

02 Jul 2016 — Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488. Cisco Prime Infrastructure 1.2 hasta la versión 3.1 y Evolved Programmable Network Manager (EPNM) 1.2 y 2.0 permite a usuarios remotos autenticado ejecutar comandos arbitrarios o subir archivos a través de una petición HTTP manipulada, también conocida como Bug ID CSCuz01488. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm • CWE-20: Improper Input Validation •