CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 2CVE-2009-1220 – Cisco ASA Appliance 7.x/8.0 WebVPN - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1220
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. Una vulnerabilidad de tipo cross-site scripting (XSS) en archivo +webvpn+/index.html en el WebVPN en los Adaptive Security Appliances (ASA) 5520 de Cisco con el software versiones 7.2(4)30 y anteriores a 7.2 incluyendo 7.2(2)22, y versiones 8.0(4)28 y anteriores a 8.0, cuando el modo clientless está habilitado, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del encabezado HTTP Host. • https://www.exploit-db.com/exploits/32878 http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0478.html http://tools.cisco.com/security/center/viewAlert.x?alertId=17950 http://www.securityfocus.com/archive/1/502313/100/0/threaded http://www.securityfocus.com/archive/1/502932 http://www.securityfocus.com/bid/34307 http://www.securitytracker.com/id?1022122 http://www.vupen.com/english/advisories/2009/1169 https://exchange.xforce.ibmcloud.com/vulnerabilities/49528 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 2%CPEs: 310EXPL: 0CVE-2009-0630
https://notcve.org/view.php?id=CVE-2009-0630
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. Las funcionalidades (1) Cisco Unified Communications Manager Express; (2) el soporte de Transport Layer Security (TLS) para SIP Gateway Signaling; (3) Secure Signaling y Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect para EAPoUDP, Dot1x, y la integración de autenticación MAC; (7) Distributed Director con HTTP Redirects; y (8) TCP DNS en Cisco IOS v12.0 hasta 12.4 no maneja adecuadamente los "sockets", permitiendo a atacantes remotos provocar una denegación de servicio (apagado o consumo de recursos) mediante una serie de paquetes TCP manipulados. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021897 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml http://www.securityfocus.com/bid/34242 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49418 •
CVSS: 7.8EPSS: 2%CPEs: 310EXPL: 0CVE-2009-0631
https://notcve.org/view.php?id=CVE-2009-0631
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. Vulnerabilidad no especificada en Cisco IOS v12.0 hasta v12.4, cuando se ha configurado con (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, o (4) Media Gateway Control Protocol (MGCP) permite a atacantes remotos provocar una denegación de servicio (bloqueo de entrada a la cola en el interfaz de entrada) mediante un paquete UDP manipulado. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34245 http://www.securitytracker.com/id?1021904 https://exchange.xforce.ibmcloud.com/vulnerabilities/49419 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6720 •
CVSS: 7.8EPSS: 2%CPEs: 310EXPL: 0CVE-2009-0636
https://notcve.org/view.php?id=CVE-2009-0636
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. Vulnerabilidad no especificada en Cisco IOS v12.0 hasta v12.4, cuando están habilitados los servicios de voz SIP, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) mediante un mensaje SIP válido. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021902 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml http://www.securityfocus.com/bid/34243 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49421 •
CVSS: 4.3EPSS: 0%CPEs: 284EXPL: 2CVE-2008-3821 – Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3821
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ping o (2) otros aspectos no especificados de una URI. • https://www.exploit-db.com/exploits/32723 http://jvn.jp/en/jp/JVN28344798/index.html http://osvdb.org/51393 http://osvdb.org/51394 http://secunia.com/advisories/33461 http://securityreason.com/securityalert/4916 http://securitytracker.com/id?1021598 http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 http://www.securityfocus.com/archive/1/500063/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •