CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2011-2042
https://notcve.org/view.php?id=CVE-2011-2042
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018. El componente de base de datos Sybase SQL Anywhere de Cisco CiscoWorks Common Services v3.x y v4.x anterior a v4.1 permite a atacantes remotos obtener información potencialmente sensible acerca del nombre del motor y el puerto de la base de datos a través de una petición no especificada para el puerto UDP 2638, también conocido como Bug ID CSCsk35018. • http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2011-3310
https://notcve.org/view.php?id=CVE-2011-3310
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. El componente de página de inicio ("Home Page") de Cisco CiscoWorks Common Services en versiones anteriores a 4.1 en Windows, tal como se usa en CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager y CiscoWorks Voice Manager, permite a usuarios autenticados remotos ejecutar comandos arbitrarios a través de una URL modificada. También conocido como Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090 y CSCtt25535. • http://secunia.com/advisories/46533 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs http://www.securityfocus.com/bid/50284 https://exchange.xforce.ibmcloud.com/vulnerabilities/70759 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 9%CPEs: 21EXPL: 0CVE-2010-3036
https://notcve.org/view.php?id=CVE-2010-3036
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352. Multiples desbordamientos de búfer en la función de autenticación en el módulo web-server de Cisco CiscoWorks Common Services anterior a v4.0 permite a los atacantes remotos ejecutar código a su elección a través de sesiones TCP en el puerto (1) 443 o (2) 1741, también conocido como "Bug ID CSCti41352". • http://osvdb.org/68927 http://secunia.com/advisories/42011 http://securitytracker.com/id?1024646 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml http://www.securityfocus.com/bid/44468 http://www.vupen.com/english/advisories/2010/2793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •