Page 28 of 178 results (0.008 seconds)

CVSS: 2.6EPSS: 5%CPEs: 225EXPL: 2

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. • http://secunia.com/advisories/17780 http://secunia.com/advisories/18528 http://securityreason.com/securityalert/227 http://securitytracker.com/id?1015275 http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372 http://www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html http://www.securityfocus.com/archive/1/417916/100/0/threaded http://www.securityfocus.com/bid/15602 http://www.securit •

CVSS: 9.3EPSS: 5%CPEs: 228EXPL: 0

Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed. • http://secunia.com/advisories/17413 http://securitytracker.com/id?1015139 http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml http://www.kb.cert.org/vuls/id/562945 http://www.securityfocus.com/bid/15275 http://www.vupen.com/english/advisories/2005/2282 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4914 •

CVSS: 2.1EPSS: 12%CPEs: 148EXPL: 0

Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. Cisco IOS 12.0 hasta 12.4 y IOS XR anterior a 3.2 con IPv6 habilitado, permite que atacantes remotos en un segmento de red local provoquen una denegación de servicio (recarga del dispositivo) y posiblmemente ejecuten código arbitrario mediante un paquete IPv6 amañado. • http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0663.html http://secunia.com/advisories/16272 http://securitytracker.com/id?1014598 http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml http://www.kb.cert.org/vuls/id/930892 http://www.osvdb.org/18332 http://www.securityfocus.com/bid/14414 http://www.us-cert.gov/cas/techalerts/TA05-210A.html https://exchange.xforce.ibmcloud.com/vulnerabilities/21591 https://oval.cisecurity.org/repository/search/defin •

CVSS: 7.1EPSS: 2%CPEs: 337EXPL: 0

Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. • http://secunia.com/advisories/14854 http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml http://www.securityfocus.com/bid/13043 http://www.securitytracker.com/alerts/2005/Apr/1013655.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19987 https://exchange.xforce.ibmcloud.com/vulnerabilities/19989 https://exchange.xforce.ibmcloud.com/vulnerabilities/19990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5455 • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 1%CPEs: 93EXPL: 0

Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. • http://secunia.com/advisories/14854 http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml http://www.osvdb.org/15303 http://www.securityfocus.com/bid/13042 http://www.securitytracker.com/alerts/2005/Apr/1013655.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19991 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5687 • CWE-399: Resource Management Errors •