Page 5 of 42 results (0.005 seconds)

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Desbordamiento de búfer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante una petición HTTP GET manipulada. • http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/744249 http://www.osvdb.org/32642 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31323 •

CVSS: 10.0EPSS: 18%CPEs: 15EXPL: 0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. Desbordamiento de búfer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante un paquete de petición de tarificación RADIUS (RADIUS Accounting-Request) manipulado. • http://osvdb.org/36126 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/477164 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31327 •

CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. Múltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Windows anetrior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante un paquete de solicitud de acceso RADIUS (RADIUS Access-Request) manipulado. • http://osvdb.org/36125 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/443108 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31334 •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." Cisco Secure Access Control Server (ACS) v4.x para Windows usa la dirección IP de cliente y el número de puerto del servidor para otorgar acceso al puerto HTTP server para una sesión de administración, lo que permite a atacantes remoso superar la autenticación a través de varios métodos, conocido como "ACS Weak Session Management Vulnerability." • http://secunia.com/advisories/20816 http://securityreason.com/securityalert/1157 http://securitytracker.com/id?1016369 http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html http://www.osvdb.org/26825 http://www.securityfocus.com/archive/1/438161/100/0/threaded http://www.securityfocus.com/archive/1/438258/100/0/threaded http://www.securityfocus.com/bid/18621 http://www.vupen.com/english/advisories/2006/2524 https://exchange.xforc •

CVSS: 4.3EPSS: 79%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. Vilnerabilidad de cross-site scripting (XSS) en LogonProxy.cgi en Cisco Secure ACS para UNIX v2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del (1) error, (2) SSL, y (3) parámetros Ok. • https://www.exploit-db.com/exploits/28030 http://secunia.com/advisories/20699 http://securityreason.com/securityalert/1116 http://securitytracker.com/id?1016317 http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html http://www.osvdb.org/26531 http://www.securityfocus.com/archive/1/437441/100/0/threaded http://www.securityfocus.com/archive/1/437480/100/0/threaded http://www.securityfocus.com/bid/18449 http://www.vupen.com/englis •