81 matches found
EUVD-2003-0205
Malware in sbrugna...
EUVD-2008-2436
Malware in sbrugna...
EUVD-2007-1794
Malware in sbrugna...
Cisco Secure ACS Unauthorized Password Change
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Secure ACS Unauthorized Password Change', 'Description' = %q This module exploits an authentication bypass issue which allows arbitrary...
Cisco Secure ACS Unauthorized Password Change
This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable. Th...
The vulnerability of the Cisco Secure ACS access control system’s web interface allows a perpetrator to gain access to confidential information.
The vulnerability in the Cisco Secure ACS access control system’s web interface is related to improper processing of external XML entities when working with XML files. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers
A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning PCP application allows administrators to remotely...
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insecure Java deserialization of user-supplied content, allows an unauthenticated, remote attacker to...
PT-2018-31: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insufficient validation of the Action Message Format AMF protocol, allows unauthenticated, remote...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS, due to insufficient input validation of user-supplied values and a la...
PT-2018-30: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
Open redirect
A vulnerability in the web interface of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.82.5...
Cisco Secure ACS for Windows NT 3.0 Cross-site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5026/info Cisco Secure ACS is an access control and accounting server system. It is distributed and maintained by Cisco, and in this vulnerability affects implementations on the Microsoft Windows NT platform. It has been...
Cisco Secure ACS 2.3 LoginProxy.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitra...
Cisco Secure ACS Portal XSS (CSCue65949)
The version of Cisco Secure Access Control System ACS running on the remote host is affected by a cross-site scripting XSS vulnerability due to insufficient input validation of a parameter. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72141; scriptversion"1.7";...
Cisco Secure ACS RMI Arbitrary File Read (CSCud75169)
The version of Cisco Secure Access Control System ACS on the remote host is affected by a vulnerability in the Remote Method Invocation RMI interface. Due to insufficient authorization enforcement, this issue could allow a remote, authenticated attacker to read arbitrary files on the ACS server. ...
Cisco Secure ACS Portal Cross-Site Scripting Vulnerability
A vulnerability in the portal of the Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the portal on the affected system. The vulnerability is due to insufficient input validation of a parameter. A...