CVE-2002-0938 – Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0938
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. • https://www.exploit-db.com/exploits/21555 http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html http://online.securityfocus.com/archive/1/278222 http://www.iss.net/security_center/static/9353.php http://www.securityfocus.com/bid/5026 •
CVE-2002-0241
https://notcve.org/view.php?id=CVE-2002-0241
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. NDSAuth.DLL en Cisco Secure Authentication Control Server (ACS) 3.0.1 no comprueba el estado "caducado" o "deshabilitado" de los usuarios en el directorio de servicios Novell, lo cual permitiría a otros usuarios autentificarse en el servidor. • http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml http://www.iss.net/security_center/static/8106.php http://www.securityfocus.com/bid/4048 •
CVE-2002-0160
https://notcve.org/view.php?id=CVE-2002-0160
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. La función de administración en Cisco Secure Access Control Control Server (ACS) para Windows, 2.6.x y anteriores, y 3.x a 3.01 (build 40), permite a atacantes remotos leer HTML, clases de Java y ficheros de imágenes fuera de la raíz del web mediante un .... (ataque punto punto modificado) en la URL al puerto 2002. • http://marc.info/?l=bugtraq&m=101786689128667&w=2 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml http://www.osvdb.org/5352 •
CVE-2002-0159
https://notcve.org/view.php?id=CVE-2002-0159
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. Vulnerabilidad de formato de cadena en la función de administración de Cisco Secure Access Control Server (ACS) para Windows, 2.6.x y anteriores y 3.x a 3.01 (build 40), permite a atacantes remotos hacer caer (crash) el módulo CSADMIN, denegando el sevicio de administración, o ejecutar código arbitrario mediante cadenas de formato en la URL al puerto 2002. • http://marc.info/?l=bugtraq&m=101787248913611&w=2 http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml http://www.iss.net/security_center/static/8742.php http://www.osvdb.org/2062 http://www.securityfocus.com/bid/4416 • CWE-134: Use of Externally-Controlled Format String •
CVE-2000-1054 – Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1054
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. • https://www.exploit-db.com/exploits/20235 http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml http://www.securityfocus.com/bid/1705 https://exchange.xforce.ibmcloud.com/vulnerabilities/5272 •