CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5990
https://notcve.org/view.php?id=CVE-2012-5990
06 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. Múltiples vulnerabilidades XSS en Health Monitor Login pages en Cisco Prime Network Control System (NCS) y Wireless Control System (WCS), permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores ... • http://www.kb.cert.org/vuls/id/830316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-4014
https://notcve.org/view.php?id=CVE-2011-4014
02 May 2012 — The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. La herramienta TAC Case Attachment en Cisco Wireless Control System (WCS) v7.0 permite a usuarios remotos autenticados leer ficheros arbitrarios en webnms/Temp/ a través de vectores no especificados, también conocido como Bug ID CSCtq86807. • http://www.cisco.com/en/US/docs/wireless/wcs/release/notes/WCS_RN7_0_230.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2826
https://notcve.org/view.php?id=CVE-2010-2826
13 Aug 2010 — SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. Vulnerabilidad de inyección SQL en "Cisco Wireless Control System" (WCS) versión v6.0.x anteriores a la v6.0.196.0 permite a usuarios autenticados remotos ejecutar comandos SQL de su elección a través de vectores de ataque relacionados con la expresión ORDER B... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091e.shtml • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 1CVE-2010-2986
https://notcve.org/view.php?id=CVE-2010-2986
09 Aug 2010 — Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en webacs/QuickSearchAction.do de la opción de búsqueda del interfaz web de Cisco Wireless Control System (WCS) anterior a... • http://secunia.com/advisories/40827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2987
https://notcve.org/view.php?id=CVE-2010-2987
09 Aug 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Wireless Control System (WCS) v7.x anterior a v7.0.164, como las usadas en Cisco Unified Wireless Network (UWN) S... • http://secunia.com/advisories/40827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2007-5382
https://notcve.org/view.php?id=CVE-2007-5382
12 Oct 2007 — The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges. La utilidad de conversión para converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 y versiones anteriores en Cisco Wireless Control System (WCS) crea cuentas de administrador con nombres y contraseñas por defecto, lo cual permite a a... • http://osvdb.org/37936 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2032
https://notcve.org/view.php?id=CVE-2007-2032
16 Apr 2007 — Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. Cisco Wireless Control System (WCS) anterior a 4.0.96.0 tiene el nombre de usuario y la contraseña fija en el código para operaciones de backup, lo cual permite a atacantes remotos leer y modificar archivos de su elección mediante vectores... • http://secunia.com/advisories/24865 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2033
https://notcve.org/view.php?id=CVE-2007-2033
16 Apr 2007 — Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. Vulnerabilidad no especificada en Cisco Wireless Control System (WCS) anterior a 4.0.81.0 permite a usuarios autenticados remotamente leer cualquier página de configuración cambiando la pertenencia a grupos de las cuentas de usuario, también conocido como Bug ID CSCse78596. • http://secunia.com/advisories/24865 •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2034
https://notcve.org/view.php?id=CVE-2007-2034
16 Apr 2007 — Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. Una vulnerabilidad no especificada en Cisco Wireless Control System (WCS) versiones anteriores a 4.0.87.0. permite a usuarios remotos autenticados alcanzar privilegios del grupo SuperUsers y administrar la aplicación y sus redes, r... • http://secunia.com/advisories/24865 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2035
https://notcve.org/view.php?id=CVE-2007-2035
16 Apr 2007 — Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. cisco Wireless Control System (WCS) anterior a 4.0.66.0 almacena información sensible bajo el raíz del web con control de acceso insuficiente, lo cual permite a atacantes remotos obtener datos de la organización de la erd mediante una... • http://secunia.com/advisories/24865 •