7 results (0.009 seconds)

CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. El componente de página de inicio ("Home Page") de Cisco CiscoWorks Common Services en versiones anteriores a 4.1 en Windows, tal como se usa en CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager y CiscoWorks Voice Manager, permite a usuarios autenticados remotos ejecutar comandos arbitrarios a través de una URL modificada. También conocido como Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090 y CSCtt25535. • http://secunia.com/advisories/46533 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs http://www.securityfocus.com/bid/50284 https://exchange.xforce.ibmcloud.com/vulnerabilities/70759 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 8%CPEs: 11EXPL: 5

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. Vulnerabilidad de salto de directorio en cwhp/auditLog.do en el componente Homepage Auditing en Cisco CiscoWorks Common Services v3.3 y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el parámetro de archivo, también conocido como Bug ID CSCto35577. Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. • https://www.exploit-db.com/exploits/35781 https://www.exploit-db.com/exploits/17304 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html http://tools.cisco.com/security/center/viewAlert.x?alertId=23089 http://www.exploit-db.com/exploits/17304 http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/67525 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 5%CPEs: 11EXPL: 6

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cwhp/device.center.do en el servlet Help en Cisco CiscoWorks Common Services v3.3 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "device", también conocido cómo Bug ID CSCto12704. Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected. • https://www.exploit-db.com/exploits/35779 https://www.exploit-db.com/exploits/17304 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html http://tools.cisco.com/security/center/viewAlert.x?alertId=23088 http://www.exploit-db.com/exploits/17304 http://www.securityfocus.com/bid/47902 http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/67523 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •

CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •