
CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation; CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data; CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVE-2013-5488
https://notcve.org/view.php?id=CVE-2013-5488
12 Sep 2013 — Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5488 • CWE-20: Improper Input Validation •

CVE-2013-3439
https://notcve.org/view.php?id=CVE-2013-3439
23 Jul 2013 — Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182. • http://osvdb.org/95585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-3440
https://notcve.org/view.php?id=CVE-2013-3440
23 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186. • http://osvdb.org/95584 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-3437
https://notcve.org/view.php?id=CVE-2013-3437
22 Jul 2013 — SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179. • http://osvdb.org/95472 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2013-3416
https://notcve.org/view.php?id=CVE-2013-3416
10 Jul 2013 — Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-2738 – Cisco Unified Service Monitor brstart sm_read_string_length Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2738
17 Sep 2011 — Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted p... • http://secunia.com/advisories/45979 •

CVE-2011-0959 – Cisco Unified Operations Manager 8.5 - '/iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-0959
20 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSC... • https://www.exploit-db.com/exploits/35765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-0960 – Cisco Unified Operations Manager - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-0960
20 May 2011 — Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716. • https://www.exploit-db.com/exploits/17304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2011-0962 – Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0962
20 May 2011 — Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712. • https://www.exploit-db.com/exploits/35780 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •