Page 14 of 72 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506. Vulnerabilidad no especificada en la implementación de Transport Layer Security (TLS) en Cisco Adaptive Security Appliances (ASA) para dispositivos de la serie 5500 con software v7.2 anteriores a v7.2(5), v8.0 anteriores a v8.0(5.15), v8.1 anteriores a v8.1(2.44), v8.2 anteriores a v8.2(2.17), y v8.3 anteriores a v8.3(1.6) y Cisco PIX Security Appliances para dispositivos de la serie 500, permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante secuencias de paquetes TLS manipulados, también conocido como Bug ID CSCtf37506. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42196 •

CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567. Vulnerabilidad no especificada en la característica de inspección SunRPC en dispositivos Cisco Adaptive Security Appliances (ASA) serie 5500 con software v7.2 anteriores a v7.2(5), v8.0 anteriores a v8.0(5.19), v8.1 anteriores a v8.1(2.47), y v8.2 anteriores a v8.2(2) y Cisco PIX Security Appliances 500, permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante un mensajes SunRPC UDP manipulados, también conocido como Bug ID CSCtc77567. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. Vulnerabilidad no especificada en la característica de inspección SIP en Cisco Adaptive Security Appliances (ASA) para dispositivos serie 5500 con software v8.0 anteriores a v8.0(5.17), v8.1 anteriores a v8.1(2.45), y v8.2 anteriores a v8.2(2.13), permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante paquetes SIP manipulados, también conocido como Bug ID CSCtd32106. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42189 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. Vulnerabilidad de inyección "Eval" en la función csco_wrap_js en /+CSCOL+/cte.js en WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1, permite a atacantes remotos eludir un envoltorio (wrapper) DOM y realizar ataques de secuencias de comandos en sitios cruzados (XSS) configurando el valor CSCO_WebVPN['process'] con el nombre de la función modificada, alias Bug ID CSCsy80694. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33055 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35476 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 permite a atacantes remotos eludir ciertos mecanismos de protección que impliquen la reescritura de URL y HTML y realizar ataques de secuencias de comandos en sitios cruzados (XSS) modificando el primer carácter codificado hexadecimal en una URI /+CSCO+, alias Bug ID CSCsy80705. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35480 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •