Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
Max CVSS
9.0
EPSS Score
0.28%
Published
2021-12-01
Updated
2021-12-02
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
Max CVSS
9.0
EPSS Score
0.22%
Published
2021-12-01
Updated
2022-07-25
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Max CVSS
7.8
EPSS Score
0.35%
Published
2021-12-01
Updated
2021-12-02
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
Max CVSS
8.1
EPSS Score
0.06%
Published
2020-03-27
Updated
2021-07-21
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
Max CVSS
6.1
EPSS Score
0.07%
Published
2020-03-27
Updated
2020-03-30
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2020-03-27
Updated
2021-07-21
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
Max CVSS
7.8
EPSS Score
0.60%
Published
2016-03-26
Updated
2017-05-12
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
Max CVSS
7.8
EPSS Score
0.29%
Published
2016-03-26
Updated
2016-12-03
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
Max CVSS
7.8
EPSS Score
0.21%
Published
2016-03-26
Updated
2016-12-03
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
Max CVSS
7.1
EPSS Score
0.57%
Published
2016-03-26
Updated
2017-05-12
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-02-15
Updated
2016-12-06
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
Max CVSS
10.0
EPSS Score
0.46%
Published
2016-03-03
Updated
2016-12-03
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-03-28
Updated
2016-12-03
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
Max CVSS
6.1
EPSS Score
0.12%
Published
2016-02-06
Updated
2016-12-06
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
Max CVSS
6.1
EPSS Score
0.11%
Published
2016-02-06
Updated
2016-02-16
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
Max CVSS
9.0
EPSS Score
0.14%
Published
2016-02-07
Updated
2016-12-06
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
Max CVSS
9.8
EPSS Score
4.60%
Published
2016-04-06
Updated
2019-07-29
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
Max CVSS
8.1
EPSS Score
0.12%
Published
2016-04-06
Updated
2019-07-29
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
Max CVSS
10.0
EPSS Score
0.13%
Published
2016-01-27
Updated
2016-12-07
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
Max CVSS
7.8
EPSS Score
1.21%
Published
2016-04-06
Updated
2016-12-03
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
Max CVSS
7.8
EPSS Score
0.57%
Published
2016-03-03
Updated
2016-12-03
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
Max CVSS
6.8
EPSS Score
0.63%
Published
2014-10-15
Updated
2014-11-19
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
Max CVSS
6.6
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
858 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!