Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.0% and no vendor patch available.
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.