EUVD-2006-1961

Malware in sbrugna...

The vulnerability of the Cisco Secure Access Control System allows a perpetrator to bypass existing access restrictions and create a new information panel.

The vulnerability of the Solution Engine component of the Cisco Secure Access Control System relates to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to bypass existing access restrictions and create a new information panel by...

The vulnerability of the Cisco Secure Access Control System’s access control system allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the Solution Engine component of the Cisco Secure Access Control System relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted URL...

The vulnerability of the Cisco Secure Access Control System’s access control mechanism allows a perpetrator to execute arbitrary web or HTML code.

The vulnerability of the Solution Engine web interface of the Cisco Secure Access Control System exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML code using a specially crafte...

Cisco ACS Solution Engine Cross-Site Scripting Vulnerability

Cisco Secure Access Control Server ACS is a security access control server from Cisco, Inc.Solution Engine is one of the server engine solutions. Cisco Secure Access Control Server ACS version 5.70.15, an XSS vulnerability exists in the web interface of Solution Engine. A remote attacker could...

CVE-2015-6349

Cross-site scripting XSS vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2015-6347

The Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page...

Design/Logic Flaw

The Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page...

Design/Logic Flaw

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page...

Cross site scripting

Cross-site scripting XSS vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2015-6348

The CVE-2015-6348 issue affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the report-generation web interface contains RBAC validation weaknesses. An authenticated remote user could access restricted report/status pages via the report-generation web interface, potentially exposing ...

CVE-2015-6348

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page...

CVE-2015-6347

The Solution Engine in Cisco Secure Access Control Server ACS 5.70.15 allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page...

CVE-2015-0700

Cross-site request forgery CSRF vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.50.46.5 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...

Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17604/info CiscoWorks Wireless LAN Solution Engine WLSE is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

CVE-2011-3293

Multiple cross-site request forgery CSRF vulnerabilities in the Solution Engine in Cisco Secure Access Control Server ACS 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting XSS sequences, aka Bug ID CSCtr78143...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Solution Engine in Cisco Secure Access Control Server ACS 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting XSS sequences, aka Bug ID CSCtr78143...

CVE-2008-0532

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password UCP before 4.2 in Cisco Secure Access Control Server ACS for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and...

Buffer overflow

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password UCP before 4.2 in Cisco Secure Access Control Server ACS for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and...

CVE-2008-0533

Multiple cross-site scripting XSS vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password UCP before 4.2 in Cisco Secure Access Control Server ACS for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediate...