Page 57 of 423 results (0.007 seconds)

CVSS: 7.8EPSS: 1%CPEs: 77EXPL: 0

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. La funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio o cuelgue del dispositivo) mediante paquetes HTTPS manipulados. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6919 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 0

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. Perdida de memoria en la funcionalidad de encapsulado de Cisco Tunneling Control Protocol (cTCP) en Cisco IOS v12.4, cuando se ha habilitado un servidor Easy VPN (conocido como EZVPN), permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) mediante una secuencia de paquetes TCP. • http://secunia.com/advisories/34438 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34246 http://www.securitytracker.com/id?1021895 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49417 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la URI por defecto bajo (1)level/15/exec/-/ o (2)una vulnerabilidad diferente de CVE-2008-3821. • https://www.exploit-db.com/exploits/32776 http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded http://www.securityfocus.com/bid/33625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servidor HTTP en in Cisco IOS v12.4(23) permite a atacantes remotos ejecutar comandos de su elección, como se demostró ejecutando el comando hostname con una petición level/15/configure/-/hostname. • http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 284EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ping o (2) otros aspectos no especificados de una URI. • https://www.exploit-db.com/exploits/32723 http://jvn.jp/en/jp/JVN28344798/index.html http://osvdb.org/51393 http://osvdb.org/51394 http://secunia.com/advisories/33461 http://securityreason.com/securityalert/4916 http://securitytracker.com/id?1021598 http://www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-19 http://www.securityfocus.com/archive/1/500063/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •