238 matches found
CVE-2013-3380
The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...
Cisco Secure Access Control System Session Fixation Web Vulnerability
A vulnerability in the web interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to acquire the session identifier of another user's session. The vulnerability is due to the lack of session identifier regeneration. An attacker could exploit this...
CVE-2013-1200
Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...
Session fixation
Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...
CVE-2013-1200
Cisco Secure Access Control System (ACS) is affected by a session fixation vulnerability tied to the lack of session identifier regeneration. An unauthenticated, remote attacker could hijack another user’s web session by capturing or reusing an existing session ID. The issue is documented as CVE-...
CVE-2013-1200
Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...
CVE-2013-1196
The command-line interface in Cisco Secure Access Control System ACS, Identity Services Engine Software, Context Directory Agent, Application Networking Manager ANM, Prime Network Control System, Prime LAN Management Solution LMS, Prime Collaboration, Unified Provisioning Manager, Network Service...
Cisco Secure Access Control System authentication bypass
Insufficient password check if TACACS+ authentication is used with LDAP...
CVE-2012-5424
CVE-2012-5424 affects Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7. When configured with LDAP as external identity store and TACACS+ for authentication, the system fails to properly validate the user-supplied password, enabling an unauthenticated...
CVE-2012-5424
Cisco Secure Access Control System ACS 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted passwo...
SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference
SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference IOActive Security Advisory Title: SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference Severity: Critical Discovered by: Lucas Apa Date Reported: 09/11/12 CVE: TBD Siemens Advisory: SSA-938777...
CVE-2011-0951
The web-based management interface in Cisco Secure Access Control System ACS 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440...
Design/Logic Flaw
The web-based management interface in Cisco Secure Access Control System ACS 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440...
CVE-2011-0951
CVE-2011-0951 affects Cisco Secure Access Control System (ACS) 5.1 (with patches 3/4/5) and 5.2 (no patches or patches 1–2). The web-based management interface contains an authentication/authorization flaw that lets a remote, unauthenticated attacker change arbitrary user passwords via unspecifie...
Cisco Secure Access Control System privilege escalation
It's possible to reset any user's password...
Cisco Secure Access Control System Password Modification Vulnerability
Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to modify user passwords. The vulnerability is due to improper security restrictions on user password change functions in the web-based management interface of the Cisco Secure ACS...
Cross site request forgery (csrf)
Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service configuration reset via a request to a crafted URI...
CVE-2009-3734
Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service configuration reset via a request to a crafted URI...