CVE-2008-1157
https://notcve.org/view.php?id=CVE-2008-1157
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.
References:
• http://secunia.com/advisories/29376
• http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml
• http://www.securityfocus.com/bid/28249
• http://www.securitytracker.com/id?1019611
• http://www.vupen.com/english/advisories/2008/0876/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41208
CWE-20: Improper Input Validation
CVE-2007-5582
https://notcve.org/view.php?id=CVE-2007-5582
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References:
• http://secunia.com/advisories/27902
• http://securityreason.com/securityalert/3449
• http://securitytracker.com/id?1019043
• http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk69289
• http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml
• http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks
• http://www.securityfocus.com/archive/1/484609/100/0/threaded
• http://www.securityfocus.com/bid/26708
• http://www.vupen
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
References:
• http://secunia.com/advisories/24499
• http://securityreason.com/securityalert/2437
• http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html
• http://www.securityfocus.com/archive/1/462932/100/0/threaded
• http://www.securityfocus.com/archive/1/462944/100/0/threaded
• http://www.securityfocus.com/bid/22982
• http://www.securitytracker.com/id?1017778
• http://www.vupen.com/english/advisories/2007/0973
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33024
CVE-2006-1961
https://notcve.org/view.php?id=CVE-2006-1961
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
References:
• http://secunia.com/advisories/19736
• http://secunia.com/advisories/19739
• http://secunia.com/advisories/19741
• http://securitytracker.com/id?1015965
• http://www.assurance.com.au/advisories/200604-cisco.txt
• http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml
• http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml
• http://www.osvdb.org/24813
• http://www.securityfocus.com/archive/1/431367/30/5490/threaded
• http://www.securityfocus.com/archive/1/431371/30
CVE-2005-3427
https://notcve.org/view.php?id=CVE-2005-3427
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection.
References:
• http://secunia.com/advisories/17397
• http://securityreason.com/securityalert/137
• http://securitytracker.com/id?1015133
• http://www.cisco.com/warp/public/707/cisco-sa-20051101-ipsmc.shtml
• http://www.kb.cert.org/vuls/id/154883
• http://www.osvdb.org/20444
• http://www.securityfocus.com/bid/15269
• http://www.vupen.com/english/advisories/2005/2266
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22926