Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances
There is a severe remote code execution vulnerability in a number of Cisco’s security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the...
Authentication flaw
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934...
Cisco AsyncOS Software ZIP Filtering Bypass Vulnerability
A vulnerability in the ZIP inspection engine of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the engine protection and deliver malicious ZIP files. The vulnerability is due to improper implementation of the logic for analyzing the...
CVE-2014-3289
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0.5 Hot Patch 1 and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0.5 Hot Patch 1 and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web...
Cisco Patches XSS Flaw in Security Appliances
There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and...
CVE-2014-3289
CVE-2014-3289 is a reflected XSS vulnerability in Cisco AsyncOS used by ESA, WSA, and SMA. The issue stems from insufficient input validation of the date_range parameter on the web management interface (notably monitor/reports/overview). A remote attacker can inject arbitrary script by tricking a...
CVE-2014-3289
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0.5 Hot Patch 1 and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web...
Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
Overview: Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2014-3289. Cisco AsyncOS, the underlying OS for the Cisco Email Security Appliance, Web Security Applianc...
Cisco AsyncOS Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of Cisco AsyncOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Design/Logic Flaw
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085...
CVE-2014-2195
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085...
CVE-2014-2195
CVE-2014-2195 affects Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA). When Active Directory is enabled, the software does not properly handle group names, enabling a remote attacker to gain role privileges by exploiting group-name similarity (Bug I...
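Cisco Web Security Appliance HTTP Header Redirection Vulnerability
CVE ID: CVE-2014-2137 Cisco Web Security Appliance is a secure web gateway that integrates malware protection, application visibility and control, policy control and more on a single platform. Cisco IronPort AsyncOS is an email security appliance. Certain input related to HTTP headers is not properly validated before being used to redirect users. This can be exploited to redirect users to arbitrary websites. 0 Cisco Web Security Appliance 7.x Cisco Web Security Appliance 8.x No detailed solution is currently available:...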
Cisco AsyncOS for Email Security Appliances Software Remote Code Execution (CSCug79377)
According to its self-reported version and configuration, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by a remote code execution vulnerability in the Safelist/Blocklist (SLBL) function due to improper handling of SLBL database files. An authenticated, remo...
Cisco Patches AsyncOS Code Execution Vulnerability
Cisco fixed serious vulnerabilities this week in its email and content security management products that could have let an attacker execute code with the privileges of the root user. The company pushed a fix for its AsyncOS Software in both its Email Security Appliance (ESA) and the Content Securit...
CVE-2014-2119
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrar...
Code injection
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrar...
CVE-2014-2119
The CVE-2014-2119 issue affects Cisco AsyncOS for Email Security Appliance (ESA) and Content Security Management Appliance (SMA). The End User Safelist/Blocklist (SLBL) service permits an authenticated remote user to execute arbitrary code with root privileges by uploading a modified SLBL databas...
Cisco AsyncOS code execution
Code execution on mail check...