5 matches found
CVE-2013-1140
The XML parser in Cisco Security Monitoring, Analysis, and Response System MARS allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCue55093...
Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563
Vulnerability Type: Cross-Site Scripting CVE: CVE-2013-5563 Products and affected versions: Cisco Security Monitoring, Analysis and Response System CS-MARS - All versions Vendor Website: http://www.cisco.com/en/US/products/ps6241/ Cisco Advisory: https://tools.cisco.com/bugsearch/bug/CSCul16173...
CVE-2013-1140
The XML parser in Cisco Security Monitoring, Analysis, and Response System MARS allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCue55093...
Cisco MARS Information Disclosure Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System MARS could allow an unauthenticated, remote attacker to have "read" access to part of information stored in the affected system. The vulnerability is due to improper handling of X...
Cisco MARS < 4.2.1 remote compromise
Cisco MARS Monitoring, Analysis and Response System, sometimes referred to as CS-MARS prior to version 4.2.1 ships with an unprotected JBoss installation which ultimately leads to a complete compromise of the device. The caveat here is that, despite much work on Cisco's part, they were not able t...