CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-3361
https://notcve.org/view.php?id=CVE-2010-3361
20 Oct 2010 — The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Las secuencias de comandos (1) iked, (2) ikea, y (3) ikec Shrew Soft IKE v2.1.5 coloca un nombre de directorio con tamaño "zero" en LD_LIBRARY_PATH, lo que permite a usuarios locales obtener privilegios a través de un troyano compartido en la librería del actual directori... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598292 •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 4CVE-2009-4118 – Cisco VPN Client - Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2009-4118
01 Dec 2009 — The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. La función StartServiceCtrlDispatcher en el servicio cvpnd (cvpnd.exe) del cliente Cisco VPN para Windows versiones anteriores a 5.0.06.0100 no maneja ... • https://www.exploit-db.com/exploits/10190 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-0324 – Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
https://notcve.org/view.php?id=CVE-2008-0324
17 Jan 2008 — Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 permite a usuarios locales provocar una denegación de servicio (caída) llamando as IOCTL 0x80002038 con valor de tamaño pequeño, lo cual provoca una corrupción de memoria. • https://www.exploit-db.com/exploits/4911 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4415
https://notcve.org/view.php?id=CVE-2007-4415
18 Aug 2007 — Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. Cisco VPN Client sobre Windows anterior a 5.0.01.0600, y la versión 5.0.01.0600 InstallShield (IS), utiliza permisos débiles para cvpnd.exe (modificando los privilegios en Interactive Users), lo cual permite a usuarios locales ganar privilegios a través de un cvpnd.exe m... • http://secunia.com/advisories/26459 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4414
https://notcve.org/view.php?id=CVE-2007-4414
18 Aug 2007 — Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. Cisco VPN Client sobre Windows anterior a 4.8.02.0010 permite a usuarios locales obtener privilegios habilitando las opciones "Iniciar Antes del Inicio de Sesión" (Start Before Logon o SBL) y Conexión de Acceso Telefónico Remoto de Microsoft (Microsoft Dial-Up Networking), y despu... • http://secunia.com/advisories/26459 •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
16 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engin... • http://secunia.com/advisories/24499 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2006-2679
https://notcve.org/view.php?id=CVE-2006-2679
31 May 2006 — Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. • http://secunia.com/advisories/20261 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1105
https://notcve.org/view.php?id=CVE-2002-1105
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2002-1106
https://notcve.org/view.php?id=CVE-2002-1106
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1104
https://notcve.org/view.php?id=CVE-2002-1104
04 Oct 2002 — Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). • http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml •