CVE-2014-2120
CVE-2014-2120 affects Cisco ASA WebVPN login page, with a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script/HTML via an unspecified parameter (Bug ID CSCun19025). Multiple sources (Cisco advisory, NVD/NIST CVE entry, CISCO-SA, OpenVAS) consistently d...
CVE-2014-2120
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a...
PT-2014-2059 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue is a cross-site scripting (XSS) vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This vulnerability...
Cisco ASA WebVPN XSS
According to its self-reported version, the remote Cisco ASA is missing a security patch and is affected by a cross-site scripting vulnerability in the WebVPN portal login page. An attacker could exploit this by tricking a user into requesting a specially crafted URL, resulting in arbitrary scrip...
CVE-2013-3414
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080...
CVE-2013-3414
CVE-2013-3414 affects Cisco ASA devices’ WebVPN portal login page. The vulnerability is an XSS flaw in the WebVPN login page caused by insufficient input validation, enabling remote attackers to inject arbitrary script/HTML via a crafted URL. Multiple sources (Cisco advisory, Nessus, CVE records)...
Cisco ASA Software Cross-Site Scripting Vulnerability
A vulnerability in the WebVPN portal login page of the Cisco ASA could allow an unauthenticated, remote attacker to execute cross-site scripting (XSS) attacks or hijack user sessions. The vulnerability is due to a failure to properly validate user-supplied input in the WebVPN portal login page. An...
Cisco ASA 5500 Series Adaptive Security Appliance Clientless WebVPN Remote Denial of Service Vulnerability
The Cisco ASA 5500 Series Adaptive Security Appliance contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to the improper handling of user-supplied requests by an affected system when configured to use th...
CVE-2012-2474
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278...
Memory corruption
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278...
CVE-2010-4680
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, ak...
Design/Logic Flaw
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, ak...
CVE-2010-4680
CVE-2010-4680 affects Cisco ASA 5500 series WebVPN: prior to 8.2(3), CIFS shares could be viewed even when CIFS file browsing was disabled, allowing remote authenticated users to bypass access restrictions via CIFS requests (Bug CSCsz80777). Impact is high: attackers with network access can a...
CVE-2010-3902
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list...
CVE-2010-3902
CVE-2010-3902 affects OpenConnect; the issue is that the webvpn cookie value could be exposed in debugging output, potentially leaking sensitive information. Root cause: debugging output includes the session cookie. Evidence in connected feeds shows Fedora advisories shifting to fix this by elidi...