39 matches found
EUVD-2012-4580
Malware in sbrugna...
EUVD-2017-15842
Malware in sbrugna...
Cross site scripting
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
CVE-2017-6788
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
CVE-2017-6788
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
CVE-2017-6788
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
CVE-2012-4655
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving 1 ActiveX or 2 Java components, aka Bug IDs CSCtz76128 and CSCtz78204...
Design/Logic Flaw
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving 1 ActiveX or 2 Java components, aka Bug IDs CSCtz76128 and CSCtz78204...
CVE-2012-4655
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving 1 ActiveX or 2 Java components, aka Bug IDs CSCtz76128 and CSCtz78204...
KLA10105 ACE vulnerability in CISCO Secure Desktop
Improperly downloaded binaries validation was found in Cisco Secure Desktop. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network at a point related to WebLaunch. Original advisories Cisco bulletin Related products...
Cisco AnyConnect Secure Mobility Client WebLaunch Session Hijack Vulnerability
Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to hijack WebLaunch sessions, which could allow the attacker to intercept sensitive information. The vulnerability is due to the failure to perform certificate name checking in an...
Code injection
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470...
CVE-2012-2500
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 is vulnerable to a WebLaunch IPsec certificate name check bypass. The root cause is failure to verify the X.509 certificate name, enabling MITM attackers to spoof servers via a crafted certificate. Impact is interception of WebLaunch se...
Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)
The remote host has a version of Cisco AnyConnect 2.5 MR6. Such versions are potentially affected by an arbitrary code execution vulnerability. The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary...
CVE-2012-2493
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows...
CVE-2012-2496
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...
Information disclosure
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...
CVE-2012-2496
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...
CVE-2012-2493
Cisco AnyConnect Secure Mobility Client is affected by CVE-2012-2493 due to a vulnerable WebLaunch VPN downloader that does not properly validate downloaded binaries. This allows remote code execution via ActiveX or Java components. Affected products include Windows 2.x builds before 2.5 MR6, and...