EUVD-2015-0607

Malware in sbrugna...

CVE-2013-5482

Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...

CVE-2012-6392

Cisco Prime LAN Management Solution LMS 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779...

Cisco Prime LAN Management Solution Session Fixation Vulnerability

According to its self-reported version, the Cisco Prime LAN Management Solution LMS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. C Tenable Network Security, Inc. include"compat.inc"; if description...

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

CVE-2017-12225

CVE-2017-12225 affects Cisco Prime LAN Management Solution (LMS) session handling. The issue arises from reusing a preauthentication session token in the postauthentication flow, allowing an authenticated remote attacker to hijack another user’s administrative session (Session Fixation). Affected...

Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)

The Cisco Prime Lan Management Solution LMS running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by...

Design/Logic Flaw

Cisco Prime LAN Management Solution LMS through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390...

CVE-2016-1360

Cisco Prime LAN Management Solution LMS through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390...

Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities

According to its self-reported version number, the Cisco Prime LAN Management Solution running on the remote host is affected by multiple vulnerabilities : - A security weakness exists due to the configauth function improperly generating default keys when no authentication key is defined in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution LMS and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and...

CVE-2015-0594

Cisco Common Services (used by Cisco Prime LAN Management Solution and Cisco Security Manager) contains cross-site scripting (XSS) vulnerabilities in the help pages. The root cause is insufficient input validation of some parameters used by the help page system, allowing remote attackers to trigg...

CVE-2015-0594

Multiple cross-site scripting XSS vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution LMS and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and...

Cisco Prime LAN Management Solution Cross-Frame Scripting

The version of Cisco Prime LAN Management Solution installed on the remote host is affected by a cross-frame scripting vulnerability due to insufficient filtering of user-supplied input. An attacker could leverage this to direct a user to an attacker controlled page and conduct clickjacking or...

CVE-2013-5482

Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...

CVE-2013-1196

The command-line interface in Cisco Secure Access Control System ACS, Identity Services Engine Software, Context Directory Agent, Application Networking Manager ANM, Prime Network Control System, Prime LAN Management Solution LMS, Prime Collaboration, Unified Provisioning Manager, Network Service...

Cisco Prime LAN Management Solution Web Detection

Cisco Prime LAN Management solution, a network management application, was detected on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid64789; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"Cisco Prime LAN Management...

Design/Logic Flaw

Cisco Prime LAN Management Solution LMS 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779...

Crlf injection

CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu186...