Cross site scripting

Cross-site scripting XSS vulnerability in the Help index page in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170...

Cross site scripting

Cross-site scripting XSS vulnerability in Administration pages in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165...

CVE-2013-3421

Cross-site scripting XSS vulnerability in the Help index page in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170...

CVE-2013-3421

Cross-site scripting XSS vulnerability in the Help index page in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170...

CVE-2013-3424

Cross-site request forgery CSRF vulnerability in Administration and View pages in Cisco Secure Access Control System ACS allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177...

CVE-2013-3424

Cisco ACS is affected by CVE-2013-3424: a CSRF vulnerability in the Administration and View pages could allow an unauthenticated/remote attacker to hijack the authentication of a user (Bug CSCud75177). Impact per sources includes potential actions taken in the context of an authenticated session ...

CVE-2013-3422

CVE-2013-3422 describes a Cross-Site Scripting (XSS) vulnerability in the Administration pages of Cisco Secure Access Control System (ACS). The root cause is insufficient input validation of a parameter, allowing unauthenticated, remote attackers to craft links that execute arbitrary web script o...

CVE-2013-3421

CVE-2013-3421 (Cisco ACS) describes a Cross-Site Scripting (XSS) vulnerability on the Help index page of Cisco Secure Access Control System (ACS). The issue arises from insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary script or HTML wh...

Fedora Update for kremotecontrol FEDORA-2013-10130

Check for the Version of kremotecontrol OpenVAS Vulnerability Test Fedora Update for kremotecontrol FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

CVE-2013-3380

The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...

Information disclosure

The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...

CVE-2013-3380

The advisory concerns Cisco Secure Access Control System (ACS) and its administrative web interface. The issue is a failure to properly restrict the report view page, allowing remote authenticated users to view potentially sensitive information via a direct request (Bug ID CSCue79279). Exploitati...

CVE-2013-3380

The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...

Cisco Prime Network Control System Default Credentials (cisco-sa-20130410-ncs)

According to its self-reported version, the remote host is running a release of Cisco Prime Network Control System prior to 1.1.2. As such, it reportedly has the following vulnerabilities : - The 'oracle' user account is secured with an unspecified, default password. CSCtz30468 - The 'wcsdba'...

Cisco Prime Network Control System Version

The remote host is running Cisco Prime Network Control System NCS, a network management system. It is possible to get the Prime NCS version number via SSH or SNMP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66860; scriptversion"1.3"; scriptcvsdate"Date:...

[SECURITY] Fedora 18 Update: bzr-2.5.1-11.fc18

Bazaar is a distributed revision control system that is powerful, friendly, and scalable. It is the successor of Baz-1.x which, in turn, was a user-friendly reimplementation of GNU Arch...

Iranian Hackers targeting US oil, gas, and electric companies

For all the talk about China and the Syrian Electronic Army, it seems there's another threat to U.S. cyber interests i.e Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to...

Hard-Coded Credentials Found in TURCK ICS Devices

Hard-coded credentials are a longstanding security no-no, but they’re also an ever-present reality because of developers and IT managers who require remote access to networks and systems for troubleshooting purposes. The level of risk in such cases depends on the system in question. But one thing...

Cisco Secure Access Control System Session Fixation Web Vulnerability

A vulnerability in the web interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to acquire the session identifier of another user's session. The vulnerability is due to the lack of session identifier regeneration. An attacker could exploit this...

CVE-2013-1200

Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...