Page 2 of 23 results (0.009 seconds)

CVSS: 4.3EPSS: 79%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. Vilnerabilidad de cross-site scripting (XSS) en LogonProxy.cgi en Cisco Secure ACS para UNIX v2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del (1) error, (2) SSL, y (3) parámetros Ok. • https://www.exploit-db.com/exploits/28030 http://secunia.com/advisories/20699 http://securityreason.com/securityalert/1116 http://securitytracker.com/id?1016317 http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html http://www.osvdb.org/26531 http://www.securityfocus.com/archive/1/437441/100/0/threaded http://www.securityfocus.com/archive/1/437480/100/0/threaded http://www.securityfocus.com/bid/18449 http://www.vupen.com/englis •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. • http://securitytracker.com/id?1016042 http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml http://www.osvdb.org/25892 http://www.securityfocus.com/archive/1/433286/100/0/threaded http://www.securityfocus.com/archive/1/433301/100/0/threaded http://www.securityfocus.com/bid/16743 http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt http://www.vupen.com/english/advisories/2006/1741 https://exchange.xforce.ibmcloud.com/vulnerabilities/26307 •

CVSS: 7.5EPSS: 1%CPEs: 156EXPL: 0

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml http://www.osvdb.org/22193 http://www.securityfocus.com/archive/1/420020/100/0/threaded http://www.securityfocus.com/archive/1/420103/100/0/threaded http://www.securityfocus.com/bid/16025 •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml http://www.securityfocus.com/bid/11047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17117 •