CVE-2007-2033
https://notcve.org/view.php?id=CVE-2007-2033
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. Vulnerabilidad no especificada en Cisco Wireless Control System (WCS) anterior a 4.0.81.0 permite a usuarios autenticados remotamente leer cualquier página de configuración cambiando la pertenencia a grupos de las cuentas de usuario, también conocido como Bug ID CSCse78596. • http://secunia.com/advisories/24865 http://securitytracker.com/id?1017907 http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml http://www.osvdb.org/34129 http://www.securityfocus.com/bid/23460 http://www.vupen.com/english/advisories/2007/1367 https://exchange.xforce.ibmcloud.com/vulnerabilities/33612 •
CVE-2007-2034
https://notcve.org/view.php?id=CVE-2007-2034
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. Una vulnerabilidad no especificada en Cisco Wireless Control System (WCS) versiones anteriores a 4.0.87.0. permite a usuarios remotos autenticados alcanzar privilegios del grupo SuperUsers y administrar la aplicación y sus redes, relacionada con la pertenencia al grupo de cuentas de usuario, también se conoce como ID de error CSCsg05190. • http://secunia.com/advisories/24865 http://securitytracker.com/id?1017907 http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml http://www.osvdb.org/34130 http://www.securityfocus.com/bid/23460 http://www.vupen.com/english/advisories/2007/1367 https://exchange.xforce.ibmcloud.com/vulnerabilities/33612 •
CVE-2007-2035
https://notcve.org/view.php?id=CVE-2007-2035
Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. cisco Wireless Control System (WCS) anterior a 4.0.66.0 almacena información sensible bajo el raíz del web con control de acceso insuficiente, lo cual permite a atacantes remotos obtener datos de la organización de la erd mediante una petición directa de archivos en determinados directorios, también conocido como Bug ID CSCsg04301. • http://secunia.com/advisories/24865 http://securitytracker.com/id?1017907 http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml http://www.osvdb.org/34131 http://www.securityfocus.com/bid/23460 http://www.vupen.com/english/advisories/2007/1367 https://exchange.xforce.ibmcloud.com/vulnerabilities/33606 •
CVE-2007-2032
https://notcve.org/view.php?id=CVE-2007-2032
Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. Cisco Wireless Control System (WCS) anterior a 4.0.96.0 tiene el nombre de usuario y la contraseña fija en el código para operaciones de backup, lo cual permite a atacantes remotos leer y modificar archivos de su elección mediante vectores no especificados relacionados con "propiedades del servidor FTP", también conocido como Bug ID CSCse93014. • http://secunia.com/advisories/24865 http://securitytracker.com/id?1017907 http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml http://www.osvdb.org/34132 http://www.securityfocus.com/bid/23460 http://www.vupen.com/english/advisories/2007/1367 https://exchange.xforce.ibmcloud.com/vulnerabilities/33614 •
CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de campos de texto de un formulario de búsqueda. • http://secunia.com/advisories/24499 http://securityreason.com/securityalert/2437 http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html http://www.securityfocus.com/archive/1/462932/100/0/threaded http://www.securityfocus.com/archive/1/462944/100/0/threaded http://www.securityfocus.com/bid/22982 http://www.securitytracker.com/id?1017778 http://www.vupen.com/english/advisories/2007/0973 https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 •