EUVD-2003-0205
Malware in sbrugna...
EUVD-2007-1794
Malware in sbrugna...
EUVD-2008-2436
Malware in sbrugna...
Cisco Secure ACS Unauthorized Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...
Cisco Secure ACS Unauthorized Password Change
This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable. Th...
The vulnerability of the Cisco Secure ACS access control system’s web interface allows a perpetrator to gain access to confidential information.
The vulnerability in the Cisco Secure ACS access control system’s web interface is related to improper processing of external XML entities when working with XML files. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely...
PT-2018-31: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities (XXEs) when parsing an XML file, could allow...
PT-2018-30: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities (XXEs) when parsing an XML file, could allow...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS), due to insufficient input validation of user-supplied values and a la...
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System (ACS), due to insecure Java deserialization of user-supplied content, allows an unauthenticated, remote attacker to...
PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System (ACS), due to insufficient validation of the Action Message Format (AMF) protocol, allows unauthenticated, remote...
Open redirect
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.82.5...
Cisco Secure ACS 2.3 LoginProxy.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
Cisco Secure ACS RMI Arbitrary File Read (CSCud75169)
The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Remote Method Invocation (RMI) interface. Due to insufficient authorization enforcement, this issue could allow a remote, authenticated attacker to read arbitrary files on the ACS server. ...
Cisco Secure ACS Portal XSS (CSCue65949)
The version of Cisco Secure Access Control System (ACS) running on the remote host is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72141; scriptversion"1.7";...
Cisco Secure Access Control Server Remote Command Execution Vulnerability
A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is...
Cisco Secure ACS Unauthorized Password Change
Binary data ciscoacsunathpasswordchange.nbin...