CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2010-0440 – Cisco Secure Desktop 3.x - 'translation' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0440
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en +CSCOT+/translation en Cisco Secure Desktop v3.4.2048, y otras versiones anteriores a la v3.5; tal y como lo utiliza el appliance Cisco ASA anteriores a v8.2(1), v8.1(2.7), y v8.0(5); permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de un parámetro POST manipulado, el cual no es correctamente gestionado por una declaración eval en binary/mainv.js que escribe start.html. • https://www.exploit-db.com/exploits/33567 http://secunia.com/advisories/38397 http://tools.cisco.com/security/center/viewAlert.x?alertId=19843 http://www.coresecurity.com/content/cisco-secure-desktop-xss http://www.securityfocus.com/archive/1/509290/100/0/threaded http://www.securityfocus.com/bid/37960 http://www.vupen.com/english/advisories/2010/0273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2008-2055
https://notcve.org/view.php?id=CVE-2008-2055
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. Adaptive Security Appliance (ASA) de Cisco y PIX security appliance de Cisco versión 7.1.x anterior a 7.1(2)70, versión 7.2.x anterior a 7.2 (4) y versión 8.0.x anterior a 8.0(3)10, permite a los atacantes remotos causar una denegación de servicio por medio de un paquete TCP ACK creado para la interfaz del dispositivo. • http://secunia.com/advisories/30552 http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml http://www.securitytracker.com/id?1020176 http://www.securitytracker.com/id?1020177 http://www.vupen.com/english/advisories/2008/1750/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42835 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2008-2056
https://notcve.org/view.php?id=CVE-2008-2056
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. Cisco Adaptive Security Appliance (ASA) y Cisco PIX security appliance 8.0.x anterior a 8.0(3)9 y 8.1.x anterior a 8.1(1)1, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) a través de un paquete Transport Layer Security (TLS)manipulado a la interfaz del dispositivo. • http://secunia.com/advisories/30552 http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml http://www.securitytracker.com/id?1020178 http://www.securitytracker.com/id?1020179 http://www.vupen.com/english/advisories/2008/1750/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42836 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 2%CPEs: 4EXPL: 0CVE-2008-2057
https://notcve.org/view.php?id=CVE-2008-2057
The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet. Motor de inspección Instant Messenger en Cisco Adaptive Security Appliance ASA) y Cisco PIX security appliance 7.2.x anterior 7.2(4), 8.0.x anterior a 8.0(3)10, y 8.1.x anterior a 8.1(1)2, permite a atacantes remotos provocar una denegación de servicio a trasvés de un paquete manipulado. • http://secunia.com/advisories/30552 http://securitytracker.com/id?1020180 http://securitytracker.com/id?1020181 http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml http://www.vupen.com/english/advisories/2008/1750/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42837 •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2008-2058
https://notcve.org/view.php?id=CVE-2008-2058
Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. Cisco Adaptive Security Appliance (ASA) y Cisco PIX security appliance 7.2.x anterior a 7.2(3)2 y v8.0.x anterior a 8.0(2)17, permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante un escaneo de puerto hacia el 443. • http://secunia.com/advisories/30552 http://securitytracker.com/id?1020182 http://securitytracker.com/id?1020183 http://www.cisco.com/en/US/products/products_security_advisory09186a00809a8354.shtml http://www.vupen.com/english/advisories/2008/1750/references • CWE-399: Resource Management Errors •