Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Max CVSS
7.8
EPSS Score
0.35%
Published
2021-12-01
Updated
2021-12-02
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-27
Updated
2020-03-30
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2020-03-27
Updated
2021-07-21
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
Max CVSS
7.8
EPSS Score
0.60%
Published
2016-03-26
Updated
2017-05-12
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
Max CVSS
7.8
EPSS Score
0.29%
Published
2016-03-26
Updated
2016-12-03
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
Max CVSS
7.8
EPSS Score
0.21%
Published
2016-03-26
Updated
2016-12-03
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
Max CVSS
7.1
EPSS Score
0.57%
Published
2016-03-26
Updated
2017-05-12
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-02-15
Updated
2016-12-06
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
Max CVSS
5.3
EPSS Score
0.11%
Published
2016-02-09
Updated
2016-12-06
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-03-28
Updated
2016-12-03
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-02-06
Updated
2016-12-06
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
Max CVSS
6.1
EPSS Score
0.11%
Published
2016-02-06
Updated
2016-02-16
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
Max CVSS
7.8
EPSS Score
1.21%
Published
2016-04-06
Updated
2016-12-03
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
Max CVSS
7.8
EPSS Score
0.57%
Published
2016-03-03
Updated
2016-12-03
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
Max CVSS
5.0
EPSS Score
0.24%
Published
2015-01-21
Updated
2017-09-08
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
Max CVSS
5.0
EPSS Score
0.19%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
Max CVSS
6.8
EPSS Score
0.63%
Published
2014-10-15
Updated
2014-11-19
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
Max CVSS
6.6
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).
Max CVSS
7.8
EPSS Score
0.62%
Published
2014-10-15
Updated
2014-11-19
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.
Max CVSS
5.0
EPSS Score
0.62%
Published
2014-10-15
Updated
2015-11-06
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-10-15
Updated
2015-11-06
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
Max CVSS
6.8
EPSS Score
0.04%
Published
2014-10-15
Updated
2015-11-06
829 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!