Page 21 of 105 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106. Vulnerabilidad no especificada en la característica de inspección SIP en Cisco Adaptive Security Appliances (ASA) para dispositivos serie 5500 con software v8.0 anteriores a v8.0(5.17), v8.1 anteriores a v8.1(2.45), y v8.2 anteriores a v8.2(2.13), permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) mediante paquetes SIP manipulados, también conocido como Bug ID CSCtd32106. • http://secunia.com/advisories/40842 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml http://www.securityfocus.com/bid/42189 •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature." La configuración por defecto de Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) v7.0, v7.1, v7.2, v8.0, v8.1, y v8.2 permite que el tráfico del portal acceda a servidores de su elección en el backend, lo que podría permitir a usuarios autenticados remotamente eludir las restricciones de acceso implementadas y acceder a sitios web no autorizados mediante una URL ofuscada con ROT13 y cierto cifrado. NOTA: este comportamiento fue reportado originalmente como una carencia de restricciones en el listado de URLs en el componente de marcadores de Cisco WebVPN, pero el fabricante mantiene que "la característica de marcador no es una característica de seguridad" • http://osvdb.org/61132 http://secunia.com/advisories/37710 http://tools.cisco.com/security/center/viewAlert.x?alertId=19609 http://www.securityfocus.com/archive/1/508530/100/0/threaded http://www.securitytracker.com/id?1023368 http://www.vupen.com/english/advisories/2009/3577 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 2

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694. Vulnerabilidad de inyección "Eval" en la función csco_wrap_js en /+CSCOL+/cte.js en WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1, permite a atacantes remotos eludir un envoltorio (wrapper) DOM y realizar ataques de secuencias de comandos en sitios cruzados (XSS) configurando el valor CSCO_WebVPN['process'] con el nombre de la función modificada, alias Bug ID CSCsy80694. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33055 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35476 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 permite a atacantes remotos eludir ciertos mecanismos de protección que impliquen la reescritura de URL y HTML y realizar ataques de secuencias de comandos en sitios cruzados (XSS) modificando el primer carácter codificado hexadecimal en una URI /+CSCO+, alias Bug ID CSCsy80705. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35480 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 3%CPEs: 4EXPL: 2

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709. WebVPN en los dispositivos Cisco Adaptive Security Appliances (ASA) con software 8.0(4), 8.1.2, y 8.2.1 no distingue de manera apropiada su propia pantalla de login de las pantallas de login que produce para servidores (1) FTP and (2) CIFS de terceros, lo que facilita a atacantes remotos engañar a un usuario enviándole credenciales WebVPN para un servidor de su elección mediante una URL asociada con este servidor, alias Bug ID CSCsy80709. The Cisco ASA Web VPN versions 8.0(4), 8.1.2, and 8.2.1 suffer from cross site scripting, credential theft, and html rewriting bypass vulnerabilities. • https://www.exploit-db.com/exploits/33054 http://secunia.com/advisories/35511 http://www.securityfocus.com/archive/1/504516/100/0/threaded http://www.securityfocus.com/bid/35475 http://www.securitytracker.com/id?1022457 http://www.vupen.com/english/advisories/2009/1713 •