CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2012-2496
https://notcve.org/view.php?id=CVE-2012-2496
20 Jun 2012 — A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. Un determinado applet de Java en la implementación de descargas de la funcionalidad WebLaunch de VPN en Cisco AnyConnect Secure Mobility Client v3.x antes de v3.0 MR7 en plataformas Linu... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2041
https://notcve.org/view.php?id=CVE-2011-2041
02 Jun 2011 — The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. La funcionalidad de comienzo Antes de inicio de sesión (SBL) en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.254 en Windows, y Windows Mobile, permite a usuarios locales conseguir privilegios... • http://osvdb.org/72716 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 85%CPEs: 10EXPL: 1CVE-2011-2039 – Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute
https://notcve.org/view.php?id=CVE-2011-2039
02 Jun 2011 — The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. La aplicación de ayuda en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.185 para W... • https://www.exploit-db.com/exploits/17366 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2011-2040
https://notcve.org/view.php?id=CVE-2011-2040
02 Jun 2011 — The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. La aplicación de ayuda en Cisco Secure Mobility AnyConnect client (anteriormente AnyConnect VPN Client) antes de v2.5.3041, y v3.0.x antes ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910 • CWE-20: Improper Input Validation •