2 results (0.002 seconds)

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) del módulo securecgi-bin/CSuserCGI.exe en vesiones anteriores a la 4.2 de Cisco Secure Access Control Server (ACS) para Windows y ACS Solution Engine, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante la utilización de un argumento situado a continuación del argumento Help y probablemente mediante otros vectores no especificados. The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities. Details provided. • https://www.exploit-db.com/exploits/31395 http://secunia.com/advisories/29351 http://securityreason.com/securityalert/3743 http://securitytracker.com/id?1019607 http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt http://www.securityfocus.com/archive/1/489463/100/0/threaded http://www.securityfocus.com/bid/28222 http://www.vupen.com/english/advisories/2008/0868 https://excha • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 92%CPEs: 3EXPL: 2

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. Múltiples desbordamientos de buffer en el módulo securecgi-bin/CSuserCGI.exe de User-Changeable Password (UCP) en versiones anteriores a la 4.2 de Cisco Secure Access Control Server (ACS)para Windows y ACS Solution Engine, permite a atacantes remotos ejecutar código de su elección, mediante la utilización de argumentos largos localizados a continuación del argumento Logout y posiblemente a través de otros vectores no especificados. The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross site scripting vulnerabilities. Details provided. • https://www.exploit-db.com/exploits/31394 http://secunia.com/advisories/29351 http://securityreason.com/securityalert/3743 http://securitytracker.com/id?1019608 http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt http://www.securityfocus.com/archive/1/489463/100/0/threaded http://www.securityfocus.com/bid/28222 http://www.vupen.com/english/advisories/2008/0868 https://excha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •