CVSS: 10.0EPSS: 63%CPEs: 3EXPL: 2CVE-2008-0532 – Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0532
14 Mar 2008 — Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. Múltiples desbordamientos de buffer en el módulo securecgi-bin/CSuserCGI.exe de User-Changeable Password (UCP) en versiones anteriores a la 4.2 de Cisco Secure Access Control... • https://www.exploit-db.com/exploits/31394 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 4%CPEs: 3EXPL: 2CVE-2008-0533 – Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0533
14 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) del módulo securecgi-bin/CSuserCGI.exe en vesiones anteriores a... • https://www.exploit-db.com/exploits/31395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
16 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engin... • http://secunia.com/advisories/24499 •