CVSS: 3.5EPSS: 0%CPEs: 40EXPL: 0CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de campos de texto de un formulario de búsqueda. • http://secunia.com/advisories/24499 http://securityreason.com/securityalert/2437 http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html http://www.securityfocus.com/archive/1/462932/100/0/threaded http://www.securityfocus.com/archive/1/462944/100/0/threaded http://www.securityfocus.com/bid/22982 http://www.securitytracker.com/id?1017778 http://www.vupen.com/english/advisories/2007/0973 https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3289
https://notcve.org/view.php?id=CVE-2006-3289
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de inicio de sesión del interfaz HTTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51). Permite a usuarios remotos inyectar codigo de script web o código HTML a través de vectores de ataque desconocidos que involucran una "URL maliciosa". • http://secunia.com/advisories/20870 http://securitytracker.com/id?1016398 http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml http://www.osvdb.org/26880 http://www.securityfocus.com/bid/18701 http://www.vupen.com/english/advisories/2006/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/27441 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3286
https://notcve.org/view.php?id=CVE-2006-3286
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). La base de datos interna de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(63) almacena de manera fija en el código un usuario y contraseña en texto plano en ficheros sin especificar, lo que permite a usuarios autenticados remotos acceder a la base de datos (también conocido como bug CSCsd15951). • http://secunia.com/advisories/20870 http://securitytracker.com/id?1016398 http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml http://www.osvdb.org/26883 http://www.securityfocus.com/bid/18701 http://www.vupen.com/english/advisories/2006/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/27438 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3287
https://notcve.org/view.php?id=CVE-2006-3287
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v4.0(1) usa el nombre de usuario administrador por defecto "root" y la contraseña "public," lo que permite a atacantes remotos obtener acceso (también conocido como bug CSCse21391). • http://secunia.com/advisories/20870 http://securitytracker.com/id?1016398 http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml http://www.osvdb.org/26882 http://www.securityfocus.com/bid/18701 http://www.vupen.com/english/advisories/2006/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/27439 •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 0CVE-2006-3288
https://notcve.org/view.php?id=CVE-2006-3288
Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. Vulnerabilidad sin especificar en el servidor TFTP de Cisco Wireless Control System (WCS) para Linux y Windows en sus versiones anteriores a la v3.2(51). Cuando está configurado para utilizar un nombre de ruta de directorio que contiene un espacio en blanco, permite a usuarios autenticados remotos leer y sobreescribir ficheros de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/20870 http://securitytracker.com/id?1016398 http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml http://www.osvdb.org/26881 http://www.securityfocus.com/bid/18701 http://www.vupen.com/english/advisories/2006/2583 https://exchange.xforce.ibmcloud.com/vulnerabilities/27440 •