Page 2 of 10 results (0.004 seconds)

CVSS: 3.5EPSS: 0%CPEs: 40EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de campos de texto de un formulario de búsqueda. • http://secunia.com/advisories/24499 http://securityreason.com/securityalert/2437 http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html http://www.securityfocus.com/archive/1/462932/100/0/threaded http://www.securityfocus.com/archive/1/462944/100/0/threaded http://www.securityfocus.com/bid/22982 http://www.securitytracker.com/id?1017778 http://www.vupen.com/english/advisories/2007/0973 https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. • http://secunia.com/advisories/20261 http://securitytracker.com/id?1016156 http://www.cisco.com/en/US/products/products_security_advisory09186a008069a323.shtml http://www.osvdb.org/25888 http://www.securityfocus.com/bid/18094 http://www.vupen.com/english/advisories/2006/1964 https://exchange.xforce.ibmcloud.com/vulnerabilities/26632 •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml http://www.securityfocus.com/bid/5653 https://exchange.xforce.ibmcloud.com/vulnerabilities/10046 •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. El Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegación de servicio (consumición de CPU) mediante un paquete con una carga útil de longitud cero. • http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml http://www.iss.net/security_center/static/9821.php http://www.kb.cert.org/vuls/id/287771 http://www.securityfocus.com/bid/5440 •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. Desbordamiento de búfer en Cliente de Red Privada Virtual (VPN) de Cisco 3.5.4 y anteriores permite a atacantes remotos causar una denegación de servicio mediante un Intecambio de Clave de Intenet (Internet Key Exchange - IKE) con un contenido útil (payload) de una Índice de Parámetro de Seguridad (Security Parameter Index - SQI) largo, o un paquete IKE con un número grande de contenidos útiles válidos. • http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml •