505 matches found
Cisco Trust Agent Vulnerability
Vulnerability: There is a vulnerability affecting the latest version v2.1.103.0 of the Cisco Trust Agent software for MacOS X that can allow an individual with physical access to an endpoint to bypass authentication and gain administrative access to the local machine. Description: When Cisco Secu...
CVE-2007-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage...
CVE-2007-0105
The CVE-2007-0105 issue affects Cisco Secure Access Control Server (ACS) and ACS Solution Engine prior to version 4.1, where the CSAdmin web server mishandles specially crafted HTTP GET requests, causing a stack-based buffer overflow. This allows a remote attacker to execute arbitrary code or cra...
CVE-2006-4097
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at...
CVE-2006-4098
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet...
Multiple Vulnerabilities in Cisco Secure Access Control Server
...
CVE-2006-3226
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management...
[Full-disclosure] Cisco Secure ACS Weak Session Management Vulnerability
Cisco Secure ACS Weak Session Management Vulnerability. June 23, 2006. Product Overview: Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure A...
CVE-2006-0561
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the...
CVE-2006-0561
Cisco Secure ACS for Windows 3.x stores ACS administrator passwords and the master key in the Windows registry with insecure permissions. The master key and encrypted passwords can be decrypted locally (and over the network if remote registry access is enabled) using Microsoft Crypto API function...
Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure
Cisco Response: This is Cisco PSIRT's response to the statements made by Symantec in its advisory: SYMSA-2006-003, posted on May 8, 2006. The original email/advisory is available at:...
CVE-2005-4499
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges b...
MERCUR Messaging Control Server Multiple Buffer Overflows
The remote host is running MERCUR Messaging Control Server, a telnet/web server to control MERCUR Messaging software. According to its banner, the remote version of this software is vulnerable to multiple buffer overflow vulnerabilities. A remote attacker could exploit these flaws by sending...
CVE-2005-2789
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username...
CVE-2005-2789
The CVE-2005-2789 entry affects BFCommand & Control Server Manager BFCC 1.22_A and earlier and BFVCC 2.14_B and earlier. The underlying issue is an authentication bypass that can be triggered by either an unknown attack vector or using a NULL (0x00) as the username. CVSS v2 base score is 7.5 (HIG...
CVE-2005-2790
The CVE-2005-2790 entry affects BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier. The vulnerability arises because the system relies on the client to enforce permissions and perform actions (e.g., disconnections), allowing remote attackers to bypass adminis...
CVE-2005-2791
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, are affected by CVE-2005-2791. The vulnerability allows remote attackers to cause a denial of service by opening and closing a sequence of connections without sending the login command, leading to refused ne...