473 matches found
Design/Logic Flaw
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.1 uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access...
CVE-2009-0742
CVE-2009-0742 affects Cisco ACE Platform components (ACE Application Control Engine Module for Catalyst 6500/7600 and ACE 4710 Appliance). The issue is that the username command stores a cleartext password by default, enabling context-dependent attackers to obtain sensitive information. The NVD e...
CVE-2009-0615
CVE-2009-0615 concerns directory traversal in Cisco ANM before 2.0 and ACE Device Manager before A3(2.1). Exploitation by an authenticated remote user could read/modify arbitrary files, potentially exposing host OS data due to invalid directory permissions. Related CVEs cover additional ANM flaws...
CVE-2009-0622
CVE-2009-0622 affects Cisco ACE Application Control Engine Module for Catalyst 6500/7600 and Cisco ACE 4710 Appliance. Multiple vulnerabilities exist, including default credentials (leading to credential compromise and potential OS access via the device CLI), privilege escalation for authenticate...
Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
CVE-2008-3819
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.01 allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093...
Code injection
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unkno...
Help Center Live class/auth.php check_logout Function Admin Authentication Bypass
The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host has several administrative scripts that fail to exit if called without valid credentials. An unauthenticated attacker may be ab...
123 Flash Chat 5.0 - Remote Code Injection
Source: https://www.securityfocus.com/bid/16360/info
123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attacke...
EggBlog 2.0 - id SQL Injection
Source: https://www.securityfocus.com/bid/16305/info
Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could...
Critical: Red Hat Security Advisory: sendmail security update
Updated Sendmail packages are available to fix a vulnerability that allows local and possibly remote attackers to gain root privileges. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions. There is a vulnerability in Sendmail versions...