1577 matches found
CVE-2007-2034
Unspecified vulnerability in Cisco Wireless Control System WCS before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190...
CVE-2007-2034
Unspecified vulnerability in Cisco Wireless Control System WCS before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190...
Hardcoded credentials
Cisco Wireless Control System WCS before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014...
Design/Logic Flaw
Unspecified vulnerability in Cisco Wireless Control System WCS before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596...
Improper access control
Cisco Wireless Control System WCS before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301...
CVE-2007-2032
Cisco Wireless Control System WCS before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014...
CVE-2007-2034
Unspecified vulnerability in Cisco Wireless Control System WCS before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190...
CVE-2007-2035
Cisco Wireless Control System WCS before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301...
CVE-2007-2033
Summary (CVE-2007-2033) : Cisco Wireless Control System (WCS) is affected by an unspecified vulnerability in versions before 4.0.81.0. The issue allows remote authenticated users to read any configuration page by changing the group membership of user accounts (Bug ID CSCse78596). The NVD entry li...
Cisco Wireless Control System multiple security vulnerabilities
Hardcoded unchangable FTP server account, privilege escalation thorugh group membership, information leaks...
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System Advisory ID: cisco-sa-20070412-wcs http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml Revision 1.0 For Public Release 2007 April 12 1600 UTC GMT -...
Cisco Wireless Control System Privilege Escalation Vulnerability
Cisco Wireless Control System WCS versions prior to 4.0.87.0 contains a vulnerability that could allow an authenticated, remote attacker to gain escalated privileges on the affected system. This vulnerability exists due to insufficient access controls on the Cisco WCS configuration page used to...
Multiple Vulnerabilities in the Cisco Wireless Control System
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in 1 PreSearch.html and 2 PreSearch.class in Cisco Secure Access Control Server ACS, VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage...
CVE-2006-3287
Cisco Wireless Control System WCS for Linux and Windows 4.01 and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access aka bug CSCse21391...
CVE-2006-3286
The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.263 stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database aka bug CSCsd15951...
CVE-2006-3290
HTTP server in Cisco Wireless Control System WCS for Linux and Windows before 3.251 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request...
CVE-2006-3286
The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.263 stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database aka bug CSCsd15951...
CVE-2006-3286
The CVE-2006-3286 entry concerns Cisco Wireless Control System (WCS) for Linux and Windows prior to 3.2(63). The vulnerability arises from a hard-coded username and password stored in plaintext in unspecified files within the WCS database, enabling remote authenticated users to access the databas...
CVE-2006-3289
Cross-site scripting XSS vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System WCS for Linux and Windows before 3.251 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL"...