The report said that last month’s most exploited vulnerabilities were SQL Injection, OpenSSL TLS DTLS Heartbeat Information Disclosure …
Tag: Internet security
Cisco Enterprise NFV Infrastructure Software Web Portal Arbitrary File Read Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device.
The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfv-fileread
Security Impact Rating: Medium
CVE: CVE-2019-1961
Related:
Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system.
The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-ftd-bypass
Security Impact Rating: Medium
CVE: CVE-2019-1970
Related:
Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device.
The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos
Security Impact Rating: Medium
CVE: CVE-2019-1957
Related:
Cisco Webex Meetings Server Open Redirection Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.
The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-wms-oredirect
Security Impact Rating: Medium
CVE: CVE-2019-1954
Related:
I tried SQL injection without intention to hack, and got IP banned. What should I do?
Hello. I’m a computer science student, and I’ve just started learning about computer security. So I tried ‘ or ‘1’ = ‘1 in an old website on a login page, …
Related:
MS SQL Injection in SQL Server 2008
I’m working on a pentest/bug bounty at this current moment in time. I found a POST MS SQL Injection in a POST parameter concerning authentication …
Related:
Cisco Identity Services Engine Blind SQL Injection Vulnerability
A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.
The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-ise-sql-inject
Security Impact Rating: Medium
CVE: CVE-2019-1942
Related:
Complete SQL Injection Course: Beginner to Advanced
Complete SQL Injection Course: Beginner to Advanced. Learn to hack computer systems and websites like a professional black hat hacker. Course …
Related:
Complete SQL Injection Course
Complete SQL Injection Course: Beginner to Advanced. Learn to hack computer systems and websites like a professional black hat hacker.