CVE-2013-3431 – Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3431
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 no requiere autenticación para acceder a las páginas de monitorización, permitiendo que atacantes remotos obtengan configuración sensible, archivos, e información de los log mediante vectores no especificados, relacionados con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv40169. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61431 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85945 • CWE-287: Improper Authentication •
CVE-2013-3430 – Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3430
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 permite que atacantes remotos obtengan configuración sensible, archivos e información de log mediante vectores no especificados, relacionados con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv37288. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61432 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85946 • CWE-287: Improper Authentication •
CVE-2013-3429 – Cisco Video Surveillance Operations Manager 6.3.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3429
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163. Múltiples vulnerabilidades de salto de directorio en Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 permite que atacantes remotos lean ficheros del sistema mediante URL modifificadas, relacionadas con el paquete Cisco_VSBWT (también conocido como código de ejemplo Broadware), también referenciado como Bug ID CSCsv37163. • https://www.exploit-db.com/exploits/24786 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm http://www.securityfocus.com/bid/61430 http://www.securitytracker.com/id/1028827 https://exchange.xforce.ibmcloud.com/vulnerabilities/85947 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-3376
https://notcve.org/view.php?id=CVE-2013-3376
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490. Vulnerabilidad de redirección abierta en la página de ayuda de Cisco Video Surveillance Operations Manager, permite a atacantes remotos redireccionar usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante una URL manipulada. Aka Bug ID CSCty74490. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3376 • CWE-20: Improper Input Validation •
CVE-2009-2045
https://notcve.org/view.php?id=CVE-2009-2045
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924. El firmware de Cisco Video Surveillance Stream Manager anterior a v5.3, utilizado en Cisco Video Surveillance Services Platforms y Video Surveillance Integrated Services Platforms, permite a atacantes remotos provocar una denegación de servicio (reinicio) a través de una carga útil mal formada en un paquete UDP al puerto 37000, relacionada con el proceso xvcrman, también conocido como Bug ID CSCsj47924. • http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml http://www.securitytracker.com/id?1022446 •