Cisco Secure Access Control Server Security Restriction Bypass Vulnerability
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco, a United States company. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions by accessing...
Cisco Secure Access Control Server Cross-Site Scripting Vulnerability
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco, a United States company. A cross-site scripting vulnerability exists in Cisco Secure Access Control Server 5.7. This allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Shuanet Adware Roots Android Devices
A new strain of adware buried in repackaged popular Android applications is able to root devices and earn its keepers a tidy $2 per installation. Shuanet behaves more like malware and shares some heritage with two other adware families—Kemoge and Shedun—that also root devices and give their...
Cisco ACS Solution Engine Cross-Site Scripting Vulnerability
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco, Inc. Solution Engine is one of the server engine solutions. In Cisco Secure Access Control Server (ACS) version 5.7(0.15), an XSS vulnerability exists in the web interface of Solution Engine. A remote attacker could...
CVE-2015-6349
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6348
The CVE-2015-6348 issue affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the report-generation web interface contains RBAC validation weaknesses. An authenticated remote user could access restricted report/status pages via the report-generation web interface, potentially exposing ...
CVE-2015-6347
CVE-2015-6347 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the Solution Engine allows remote authenticated users to bypass RBAC and create a dashboard or portlet by visiting an unrestricted web page. The root cause is flawed RBAC validation when creating administrative dashboa...
CVE-2015-6346
CVE-2015-6346 is a cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) web interface, specifically in ACS 5.7(0.15). The root cause, per Cisco’s advisory, is a lack of input validation in DOM handling, enabling a DOM-based XSS when a crafted URL is processed. The ...
CVE-2015-6349
CVE-2015-6349 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) Solution Engine, where the web interface is vulnerable to reflected cross-site scripting due to lack of input validation on user-supplied input. An unauthenticated, remote attacker could exploit a crafted URL to inject arbi...
Cisco Secure Access Control Server DOM-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based (environment or client side) cross-site scripting (XSS) attack. The vulnerability is due t...
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to view system administrator reports and status. The vulnerability is due to improper RBAC validation when a user accesses the report...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Kemoge Malicious Adware Campaign
Google has been busy removing a number of apps from Google Play that are disguised as popular selections that are actually pushing what starts out as adware but eventually turns more malicious. Google has already yanked down a file-transfer app called ShareIt, developed by Zhang Long of China, wh...
Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
The Cisco Secure Access Control System is the access policy control platform. A security vulnerability exists within the Secure Shell (SSH) feature of the Cisco Secure Access Control Server (ACS), which can be exploited by a remote attacker to cause an unexpected termination of the SSH screen process,...
CVE-2015-6300
CVE-2015-6300 affects Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15). A vulnerability in the SSH feature allows remote authenticated users to cause a denial of service by issuing crafted commands via CLI or GUI, triggering an SSH screen process crash (Bug ID CSCuw24694). The C...
Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
A vulnerability in the Secure Shell (SSH) feature of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...
CVE-2015-0746
Cisco ACS REST API Denial of Service vulnerability (CVE-2015-0746) affects ACS 5.5(0.46.2). A remote attacker can cause API outages by sending large numbers of requests to the REST API (Bug CSCut62022). Affected component is the REST API; root cause described in Cisco advisory. Remediation status...
CVE-2015-0746
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022...