CVE-2015-4184
https://notcve.org/view.php?id=CVE-2015-4184
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=39339
• http://www.securityfocus.com/bid/75181
• http://www.securitytracker.com/id/1032582
• CWE-20: Improper Input Validation
CVE-2015-0734
https://notcve.org/view.php?id=CVE-2015-0734
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.
• http://tools.cisco.com/security/center/viewAlert.x?alertId=38866
• http://www.securitytracker.com/id/1032333
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0624 – Cisco Ironport AsyncOS HTTP Header Injection
https://notcve.org/view.php?id=CVE-2015-0624
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
• http://packetstormsecurity.com/files/130525/Cisco-Ironport-AsyncOS-HTTP-Header-Injection.html
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
• http://www.securityfocus.com/bid/72702
• http://www.securitytracker.com/id/1031781
• http://www.securitytracker.com/id/1031782
• CWE-20: Improper Input Validation
CVE-2015-0605
https://notcve.org/view.php?id=CVE-2015-0605
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343.
• http://secunia.com/advisories/62829
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0605
• http://tools.cisco.com/security/center/viewAlert.x?alertId=37384
• http://www.securityfocus.com/bid/72528
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100695
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3289
https://notcve.org/view.php?id=CVE-2014-3289
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.
• http://packetstormsecurity.com/files/127004/Cisco-Ironport-Email-Security-Virtual-Appliance-8.0.0-671-XSS.html
• http://seclists.org/fulldisclosure/2014/Jun/57
• http://secunia.com/advisories/58296
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3289
• http://tools.cisco.com/security/center/viewAlert.x?alertId=34569
• http://www.kb.cert.org/vuls/id/613308
• http://www.securityfocus.com/bid/67943
• http://www.securitytracker.com/id/1030407
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')