Lucene search
K

35 matches found

CVE
CVE
added 2016/10/06 10:0 a.m.38 views

CVE-2016-6436

Affected: Cisco Host Scan Engine (Host Scan package) in ASA Web VPN. Versions 3.0.08062 through 3.1.14018 are vulnerable to cross-site scripting (XSS) via a crafted URL in the HostScan Engine. Root cause: insufficient input validation allowing injection of arbitrary script/HTML when processing us...

6.1CVSS5.9AI score0.00765EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2016/10/05 4:0 p.m.50 views

Cisco Host Scan Package Cross-Site Scripting Vulnerability

A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of a Cisco Adaptive Security Appliance ASA Web VPN deployment. The vulnerability is due to insufficient input validation of a user-supplied...

4.3CVSS6.2AI score0.00765EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.8 views

Vulnerability of Cisco IOS software, which allows a malicious actor to trigger a service failure

The vulnerability in the SSL VPN function known as WebVPN in Cisco IOS allows malicious actors to trigger a service failure excessive memory consumption by using specially crafted HTTP requests...

7.8CVSS7.5AI score0.02001EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2015/02/07 4:59 a.m.3 views

CVE-2013-5557

The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance ASA Software 9.1.2 and earlier allows remote authenticated users to cause a denial of service device crash or error-recovery event via an HTTP request that triggers a rewrite, aka Bug ID...

6.3CVSS5.6AI score0.02008EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Cisco Adaptive Security Appliance 8.x Web VPN FTP or CIFS Authentication Form Phishing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35475/info Cisco Adaptive Security Appliance ASA is prone to a vulnerability that can aid in phishing attacks. An attacker can exploit this issue to display a fake login window that's visually similar to the device's logi...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2013/07/25 12:0 a.m.8 views

PT-2013-4371 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA devices affected versions not specified Description: A cross-site scripting XSS issue in the WebVPN portal login page allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.4AI score0.02102EPSS
Exploits0References7
exploitpack
exploitpack
added 2009/12/17 12:0 a.m.20 views

Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass

Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass ============================================= INTERNET SECURITY AUDITORS ALERT 2009-013 - Original release date: December 7th, 2009 - Last revised: December 16th, 2009 - Discovered by: David Eduardo Acosta Rodriguez - Severity: 4/1...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2009/12/04 11:0 a.m.32 views

CVE-2009-2631 Clientless SSL VPN products break web browser domain-based security models

Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in...

6.3AI score0.05134EPSS
Exploits0References2
CERT
CERT
added 2009/11/30 12:0 a.m.38 views

Clientless SSL VPN products break web browser domain-based security models

Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks. Description Web browsers enforce the same origin policy to prevent one...

6.8CVSS6.5AI score0.05134EPSS
Exploits0References10
Packet Storm
Packet Storm
added 2009/06/25 12:0 a.m.105 views

Cisco ASA Web VPN Vulnerabilities

Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...

6CVSS0.5AI score0.08828EPSS
Exploits3
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.122 views

Cisco ASA Web VPN multiple security vulnerabilities

Crossite scripting, filtering bypass, information leak...

6CVSS1.7AI score0.08828EPSS
Exploits3References1
securityvulns
securityvulns
added 2009/06/25 12:0 a.m.135 views

Trustwave's SpiderLabs Security Advisory TWSL2009-002

Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance ASA provides a number of...

6CVSS0.3AI score0.08828EPSS
Exploits3
Exploit DB
Exploit DB
added 2009/05/24 12:0 a.m.30 views

Cisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing

source: https://www.securityfocus.com/bid/35475/info Cisco Adaptive Security Appliance ASA is prone to a vulnerability that can aid in phishing attacks. An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2009/04/01 12:0 a.m.144 views

Cisco ASA5520 Web VPN Host Header XSS

Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2222 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: "'scriptalert'BugsNotHugs'/scriptmeta httpequiv="" content='"www.owasp.org Accept: image/gif, image/x-xbitmap,...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/03/31 12:0 a.m.41 views

Cisco ASA5520 Web VPN Cross Site Scripting

Cisco ASA5520 Web VPN Host Header XSS - Description Cross-site scripting. - Product Cisco, ASA5520, IOS 7.2222 - PoC Modified request: POST /+webvpn+/index.html HTTP/1.1 Host: "'alert'BugsNotHugs' alert'BugsNotHugs'meta httpequiv="" content='"www.owasp...

0.2AI score
Exploits0
Rows per page
Query Builder