EUVD-2011-4179

Malware in sbrugna...

CiscoWorks Common Services Arbitrary Code Execution (cisco-sa-20101027-cs)

The version of CiscoWorks Common Services installed on the remote Windows host is potentially affected by multiple buffer overflows in the Cisco developed authentication code of the web server module. By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code subje...

CiscoWorks Common Services Installed

CiscoWorks Common Services, the foundation of application infrastructure for CiscoWorks network management solutions, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69468; scriptversion"1.9";...

CiscoWorks Common Services Home Page Component Unspecified Shell Command Execution

The version of CiscoWorks Common Services installed on the remote Windows host is potentially affected by an arbitrary shell command execution vulnerability. By exploiting this flaw, a remote, authenticated attacker could execute arbitrary commands on the remote host subject to the privileges of...

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

Crlf injection

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

CVE-2011-4237

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...

CVE-2011-2042

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018...

Design/Logic Flaw

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018...

CVE-2011-2042

The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018...

Code injection

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote...

CVE-2011-3310

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote...

Directory traversal

Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, aka Bug ID CSCto35577...

CVE-2011-0961

Cross-site scripting XSS vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704...

PT-2011-2779 · Cisco · Ciscoworks Common Services

Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Services versions 3.3 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the device parameter in the cwhp/device.center.do API endpoint in t...

PT-2011-2782 · Cisco · Ciscoworks Common Services

Name of the Vulnerable Software and Affected Versions: Cisco CiscoWorks Common Services versions 3.3 and earlier Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files by utilizing a .. dot dot in the file parameter of the cwhp/auditLog.do endpoint in t...

CiscoWorks Common Services Framework 3.1.1 Help Servlet - Cross-Site Scripting

source: https://www.securityfocus.com/bid/47902/info CiscoWorks Common Services is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this vulnerability could allow an attacker to perform cross-site scripting attack...

Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability Advisory ID: cisco-sa-20101027-cs Revision 1.0 For Public Release 2010 October 27 1600 UTC GMT...

CVE-2010-3036

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port 1 443 or 2 1741, aka Bug ID CSCti41352...

Buffer overflow

Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port 1 443 or 2 1741, aka Bug ID CSCti41352...