
CVSS: 4.3 | EPSS: 5% | CPEs: 11 | EXPL: 6

Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.

Cisco Unified Operations Manager suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities. Versions 8.0 and 8.5 are affected.

• https://www.exploit-db.com/exploits/35779
• https://www.exploit-db.com/exploits/17304
• http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html
• http://tools.cisco.com/security/center/viewAlert.x?alertId=23088
• http://www.exploit-db.com/exploits/17304
• http://www.securityfocus.com/bid/47902
• http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67523
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 9% | CPEs: 21 | EXPL: 0

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.

• http://osvdb.org/68927
• http://secunia.com/advisories/42011
• http://securitytracker.com/id?1024646
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml
• http://www.securityfocus.com/bid/44468
• http://www.vupen.com/english/advisories/2010/2793
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 29% | CPEs: 4 | EXPL: 0

Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request, an attacker can corrupt memory.

• http://secunia.com/advisories/38230
• http://securitytracker.com/id?1023484
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml
• http://www.securityfocus.com/bid/37879
• http://www.vupen.com/english/advisories/2010/0184
• http://www.zerodayinitiative.com/advisories/ZDI-10-004
• https://exchange.xforce.ibmcloud.com/vulnerabilities/55768
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 1% | CPEs: 33 | EXPL: 0

Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.

• http://jvn.jp/en/jp/JVN62527913/index.html
• http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html
• http://osvdb.org/54616
• http://secunia.com/advisories/35179
• http://securitytracker.com/id?1022263
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml
• http://www.securityfocus.com/bid/35040
• http://www.vupen.com/english/advisories/2009/1390
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 | EPSS: 7% | CPEs: 6 | EXPL: 0

Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.

• http://secunia.com/advisories/30422
• http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml
• http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability
• http://www.securitytracker.com/id?1020127
• http://www.vupen.com/english/advisories/2008/1687/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42702