CVE-2008-0533 – Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSUserCGI.exe' Help Facility Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0533
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross-site scripting vulnerabilities. Details provided.
• https://www.exploit-db.com/exploits/31395
• http://secunia.com/advisories/29351
• http://securityreason.com/securityalert/3743
• http://securitytracker.com/id?1019607
• http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml
• http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
• http://www.securityfocus.com/archive/1/489463/100/0/threaded
• http://www.securityfocus.com/bid/28222
• http://www.vupen.com/english/advisories/2008/0868
• https://excha
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0532 – Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0532
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
The Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application suffers from buffer overflow and cross-site scripting vulnerabilities. Details provided.
• https://www.exploit-db.com/exploits/31394
• http://secunia.com/advisories/29351
• http://securityreason.com/securityalert/3743
• http://securitytracker.com/id?1019608
• http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml
• http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
• http://www.securityfocus.com/archive/1/489463/100/0/threaded
• http://www.securityfocus.com/bid/28222
• http://www.vupen.com/english/advisories/2008/0868
• https://excha
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
• http://secunia.com/advisories/24499
• http://securityreason.com/securityalert/2437
• http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html
• http://www.securityfocus.com/archive/1/462932/100/0/threaded
• http://www.securityfocus.com/archive/1/462944/100/0/threaded
• http://www.securityfocus.com/bid/22982
• http://www.securitytracker.com/id?1017778
• http://www.vupen.com/english/advisories/2007/0973
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33024
CVE-2004-1460
https://notcve.org/view.php?id=CVE-2004-1460
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
• http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
• http://www.securityfocus.com/bid/11047
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17117
CVE-2004-1459
https://notcve.org/view.php?id=CVE-2004-1459
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
• http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
• http://www.securityfocus.com/bid/11047
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17116