CVE-2016-1386
https://notcve.org/view.php?id=CVE-2016-1386
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. La API en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) permite a atacantes remotos suplantar notificaciones administrativas a través de pares de valor-atributo manipulados, también conocida como Bug ID CSCux15521. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic http://www.securitytracker.com/id/1035702 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1318
https://notcve.org/view.php?id=CVE-2016-1318
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489. Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través de un dato markup manipulado, también conocido como Bug ID CSCux15489. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic http://www.securitytracker.com/id/1034955 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1305
https://notcve.org/view.php?id=CVE-2016-1305
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511. Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican entidades HTML, también conocido como Bug ID CSCux15511. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em http://www.securitytracker.com/id/1034902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6337
https://notcve.org/view.php?id=CVE-2015-6337
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. Vulnerabilidad de XSS en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un hostname manipulado en una respuesta SNMP, también conocida como Bug ID CSCuw47238. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api http://www.securitytracker.com/id/1034827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6424
https://notcve.org/view.php?id=CVE-2015-6424
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. El boot manager en Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) permite a usuarios locales eludir las restricciones destinadas al acceso y obtener acceso root modo-solo-usuario a través de vectores no especificados, también conocido como Bug ID CSCuu83985. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic http://www.securityfocus.com/bid/79410 http://www.securitytracker.com/id/1034468 • CWE-255: Credentials Management Errors •