CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1232 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1232
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por un desbordamiento de búfer basado en pila que pued... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1233 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1233
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS y Apache Web Server se ve afectado por una vulnerabilidad Cross-Site Scripting (XSS). Los atacantes podrían explota... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1234 – RSA Authentication Agent for Web XSS / Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-1234
28 Mar 2018 — RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent. RSA Authentication Agent en versiones 8.0.1 y anteriores para Web para IIS se ve afectado por un problema en el que los permisos de la lista de control ... • http://seclists.org/fulldisclosure/2018/Mar/60 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-3261
https://notcve.org/view.php?id=CVE-2010-3261
24 Sep 2010 — Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. Vulnerabilidad de salto de directorio en el agente de autenticación RSA v7.0 anteriores a la versión P2 para Web. Permite a atacantes remotos leer datos sin especificar a través de vectores de ataque desconocidos. • http://www.securityfocus.com/archive/1/513908/100/0/threaded • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 72%CPEs: 2EXPL: 4CVE-2005-4734 – Microsoft IIS - ISAPI RSA WebAgent Redirect Overflow
https://notcve.org/view.php?id=CVE-2005-4734
31 Dec 2005 — Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method. • https://www.exploit-db.com/exploits/16358 •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 2CVE-2005-3329 – RSA ACE Agent 5.x - Image Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3329
27 Oct 2005 — Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. • https://www.exploit-db.com/exploits/26398 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2005-1118 – RSA Security RSA Authentication Agent For Web 5.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1118
14 Apr 2005 — Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. • https://www.exploit-db.com/exploits/25421 •