CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4237
https://notcve.org/view.php?id=CVE-2011-4237
03 May 2012 — CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693. Vulnerabilidad de inyección CRLF en autologin.jsp en Cisco CiscoWorks Common Services v4.0, tal como se utiliza en Cisco Prime LAN Management Solution y otros productos, permite a atacantes remotos inyectar cabe... • http://secunia.com/advisories/49094 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2011-2042
https://notcve.org/view.php?id=CVE-2011-2042
22 Oct 2011 — The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. El componente de base de datos Sybase SQL Anywhere de Cisco CiscoWorks Common Services v3.x y v4.x anterior a v4.1 permite a atacantes remotos obtener información potencialmente sensible acerca del nombre del motor y el puerto de la b... • http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 27%CPEs: 9EXPL: 0CVE-2011-3310
https://notcve.org/view.php?id=CVE-2011-3310
20 Oct 2011 — The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. El componente de página de inicio ("Home Page") de Cisco Cisc... • http://secunia.com/advisories/46533 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 11%CPEs: 28EXPL: 0CVE-2011-2738 – Cisco Unified Service Monitor brstart sm_read_string_length Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2738
17 Sep 2011 — Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted p... • http://secunia.com/advisories/45979 •
CVSS: 6.1EPSS: 21%CPEs: 11EXPL: 6CVE-2011-0961 – CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0961
20 May 2011 — Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cwhp/device.center.do en el servlet Help en Cisco CiscoWorks Common Services v3.3 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del ... • https://www.exploit-db.com/exploits/35779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 52%CPEs: 11EXPL: 5CVE-2011-0966 – CiscoWorks Common Services 3.1.1 - Auditing Directory Traversal
https://notcve.org/view.php?id=CVE-2011-0966
20 May 2011 — Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. Vulnerabilidad de salto de directorio en cwhp/auditLog.do en el componente Homepage Auditing en Cisco CiscoWorks Common Services v3.3 y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el parámetro de arc... • https://www.exploit-db.com/exploits/35781 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 24%CPEs: 21EXPL: 0CVE-2010-3036
https://notcve.org/view.php?id=CVE-2010-3036
29 Oct 2010 — Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. Multiples desbordamientos de búfer en la función de autenticación en el módulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar código a su elección a través de sesiones TCP en el puerto (1) 443 o (2) 174... • http://osvdb.org/68927 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 4EXPL: 0CVE-2010-0138 – Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0138
21 Jan 2010 — Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350. Desbordamiento de búfer en Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 y versiones anteriores en Windows, tal y como se distrubuye en CiscoWor... • http://secunia.com/advisories/38230 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 33EXPL: 0CVE-2009-1161
https://notcve.org/view.php?id=CVE-2009-1161
21 May 2009 — Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en el servicio TFTP en Cisco CiscoWorks Common Services (CWCS) v3.0.x hasta v3.2.x en Win... • http://jvn.jp/en/jp/JVN62527913/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2008-2054
https://notcve.org/view.php?id=CVE-2008-2054
29 May 2008 — Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. Vulnerabilidad sin especificar en Cisco CiscoWorks Common Services 3.0.3 a la 3.1.1, permite a atacantes remotos ejecutar código arbitrario en una máquina cliente a través de vectores desconocidos. • http://secunia.com/advisories/30422 •