80 matches found
EUVD-2008-2436
Malware in sbrugna...
EUVD-2007-1794
Malware in sbrugna...
EUVD-2003-0205
Malware in sbrugna...
Cisco Secure ACS Unauthorized Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...
Cisco Secure ACS Unauthorized Password Change
This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable. Th...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning PCP application allows administrators to remotely...
PT-2018-30: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insecure Java deserialization of user-supplied content, allows an unauthenticated, remote attacker to...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS, due to insufficient input validation of user-supplied values and a la...
PT-2018-31: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insufficient validation of the Action Message Format AMF protocol, allows unauthenticated, remote...
Open redirect
A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.82.5...
Cisco Secure ACS 2.3 LoginProxy.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
Cisco Secure ACS for Windows NT 3.0 Cross-site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5026/info Cisco Secure ACS is an access control and accounting server system. It is distributed and maintained by Cisco, and in this vulnerability affects implementations on the Microsoft Windows NT platform. It has been...
Cisco Secure ACS Portal XSS (CSCue65949)
The version of Cisco Secure Access Control System ACS running on the remote host is affected by a cross-site scripting XSS vulnerability due to insufficient input validation of a parameter. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72141; scriptversion"1.7";...
Cisco Secure ACS RMI Arbitrary File Read (CSCud75169)
The version of Cisco Secure Access Control System ACS on the remote host is affected by a vulnerability in the Remote Method Invocation RMI interface. Due to insufficient authorization enforcement, this issue could allow a remote, authenticated attacker to read arbitrary files on the ACS server. ...
Cisco Secure ACS Portal Cross-Site Scripting Vulnerability
A vulnerability in the portal of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the portal on the affected system. The vulnerability is due to insufficient input validation of a parameter. A...
Cisco Fixes Three Bugs in Secure ACS Platform
Cisco has released patches for three vulnerabilities in its Secure Access Control System, including two flaws that could enable a remote attacker to take complete control of an affected system. Cisco’s Secure ACS is part of the company’s TrustSec solution, which the company says “supports the...