CVE-2013-5563 – Cisco MARS Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-5563
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173. A cross-site scripting vulnerability has been found in Cisco Security Monitoring, Analysis and Response System. The issue is due to input passed via several fields (e.g. isnowLatency) to the /Query/NewQueryResult.jsp page not being properly sanitised before being returned to the user. Other pages could be affected by this issue.
References: http://archives.neohapsis.com/archives/bugtraq/2013-11/0016.html http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1140
https://notcve.org/view.php?id=CVE-2013-1140
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093.
References: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1140
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-0397
https://notcve.org/view.php?id=CVE-2007-0397
The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.
References: http://osvdb.org/32720 http://secunia.com/advisories/23836 http://securitytracker.com/id?1017535 http://securitytracker.com/id?1017536 http://www.cisco.com/en/US/products/products_security_advisory09186a00807c517f.shtml http://www.securityfocus.com/bid/22111 http://www.vupen.com/english/advisories/2007/0245 https://exchange.xforce.ibmcloud.com/vulnerabilities/31567
CVE-2006-3733 – Cisco Security Monitoring Analysis and Response System JBoss - Command Execution
https://notcve.org/view.php?id=CVE-2006-3733
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
References: https://www.exploit-db.com/exploits/28245 http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html http://secunia.com/advisories/21118 http://securitytracker.com/id?1016537 http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml http://www.osvdb.org/27419 http://www.securityfocus.com/archive/1/440641/100/100/threaded http://www.securityfocus.com/bid/19071 http://www.securityfocus.com/bid/19075 http://www.vupen.com/english/advisories/2006/2887 http
CWE-264: Permissions, Privileges, and Access Controls