Page 79 of 534 results (0.015 seconds)

CVSS: 7.1EPSS: 0%CPEs: 187EXPL: 0

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. El servidor SCP en Cisco IOS v12.2 hasta la versión v12.4, cuando se ha habilitado el acceso CLI basado en roles, no refuerza la configuración de la visualización CLI para transferencias de ficheros, permitiendo a atacantes remotos autenticados con una vista CLI adjunta (1) leer o (2) sobreescribir ficheros de su elección mediante un comando SCP. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021899 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml http://www.securityfocus.com/bid/34247 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49423 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 1%CPEs: 77EXPL: 0

The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. La funcionalidad SSLVPN en Cisco IOS v12.3 hasta v12.4 permite a atacantes remotos provocar una denegación de servicio (reinicio o cuelgue del dispositivo) mediante paquetes HTTPS manipulados. • http://secunia.com/advisories/34438 http://securitytracker.com/id?1021896 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90424.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34239 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6919 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 2%CPEs: 3EXPL: 0

Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. Perdida de memoria en la funcionalidad de encapsulado de Cisco Tunneling Control Protocol (cTCP) en Cisco IOS v12.4, cuando se ha habilitado un servidor Easy VPN (conocido como EZVPN), permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) mediante una secuencia de paquetes TCP. • http://secunia.com/advisories/34438 http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90459.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml http://www.securityfocus.com/bid/34246 http://www.securitytracker.com/id?1021895 http://www.vupen.com/english/advisories/2009/0851 https://exchange.xforce.ibmcloud.com/vulnerabilities/49417 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la URI por defecto bajo (1)level/15/exec/-/ o (2)una vulnerabilidad diferente de CVE-2008-3821. • https://www.exploit-db.com/exploits/32776 http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded http://www.securityfocus.com/bid/33625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servidor HTTP en in Cisco IOS v12.4(23) permite a atacantes remotos ejecutar comandos de su elección, como se demostró ejecutando el comando hostname con una petición level/15/configure/-/hostname. • http://secunia.com/advisories/33844 http://www.securityfocus.com/archive/1/500674/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •