CVE-2014-8012

Cisco ASA WebVPN Portal is affected by a DOM-based XSS in the Portal Login page (CVE-2014-8012). The vulnerability arises from mishandling of certain cookie attributes, allowing an unauthenticated, remote attacker to craft a link or action that executes arbitrary script/HTML in the user’s browser...

CVE-2014-8012

Cross-site scripting XSS vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695...

PT-2014-8382 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue is related to a cross-site scripting XSS vulnerability in the WebVPN Portal Login page, which allows remote attackers to inject arbitrary we...

Cisco ASA WebVPN CIFS Share Enumeration DoS (CSCuj83344)

According to its banner, the version of the remote Cisco ASA device is affected by a denial of service vulnerability in the WebVPN CIFS Common Internet File System access function due to missing bounds checks on received responses when enumerating large amounts of shares on a CIFS server. A remot...

CVE-2013-6691

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ASA Software 9.0.4.1 and earlier allows remote CIFS servers to cause a denial of service device reload via a long share list, aka Bug ID CSCuj83344...

Code injection

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ASA Software 9.0.4.1 and earlier allows remote CIFS servers to cause a denial of service device reload via a long share list, aka Bug ID CSCuj83344...

CVE-2013-6691

The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ASA Software 9.0.4.1 and earlier allows remote CIFS servers to cause a denial of service device reload via a long share list, aka Bug ID CSCuj83344...

CVE-2013-6691

CVE-2013-6691 affects Cisco ASA WebVPN CIFS: the CIFS access function fails bounds-checks when enumerating large shares, enabling an authenticated, remote attacker to trigger a DoS (device reload) on ASA devices running 9.0(.4.1) or earlier. The vulnerability stems from missing bounds checks on r...

Cisco ASA CIFS Share Enumeration Denial of Service Vulnerability

A vulnerability in the WebVPN Common Internet File System CIFS access function of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to trigger a reload of the affected device. The vulnerability is due to missing bounds checks on the response received from the CIF...

Cisco ASA Appliance 7.x/8.0 WebVPN Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34307/info Cisco ASA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to...

Cisco ASA Appliance 8.x WebVPN DOM Wrapper Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35476/info Cisco ASA Adaptive Security Appliance is prone to a cross-site scripting vulnerability because its Web VPN fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...

CVE-2014-2151

The WebVPN portal in Cisco Adaptive Security Appliance ASA Software 8.4.7.15 and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520...

Design/Logic Flaw

The WebVPN portal in Cisco Adaptive Security Appliance ASA Software 8.4.7.15 and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520...

CVE-2014-2151

The WebVPN portal in Cisco Adaptive Security Appliance ASA Software 8.4.7.15 and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520...

CVE-2014-2151

Cisco ASA WebVPN Information Disclosure (CVE-2014-2151): The WebVPN portal in ASA Software 8.4(.7.15) and earlier is vulnerable to information disclosure via a crafted JavaScript file due to improper input validation. An authenticated remote attacker could view sensitive information; exploitation...

Cisco Adaptive Security Appliance Software WebVPN Information Disclosure Vulnerability

A vulnerability in the WebVPN portal of Cisco Adaptive Security Appliance ASA could allow an authenticated, remote attacker to view sensitive information from the affected system. The vulnerability is due to improper input validation in the WebVPN portal. An attacker could exploit this...

CVE-2014-2120

Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025...

Cross site scripting

Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025...

CVE-2014-2120

Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025...

CVE-2014-2120

Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025...