EUVD-2007-5358

Malware in sbrugna...

EUVD-2006-1960

Malware in sbrugna...

CVE-2007-5382

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine WLSE 4.1.91.0 and earlier to Cisco Wireless Control System WCS creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges...

CVE-2007-5382

The CVE-2007-5382 entry concerns the CiscoWorks WLSE conversion utility (versions 4.1.91.0 and earlier) that converts to Cisco WCS. The underlying issue is that the conversion process creates administrator accounts with default usernames and passwords, enabling remote attackers to gain privileges...

Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Wireless Control System Conversion Utility Adds Default Password Advisory ID: cisco-sa-20071010-wcs http://www.cisco.com/warp/public/707/cisco-sa-20071010-wcs.shtml Revision 1.0 For Public Release 2007 October 10 1600 UT...

Cross site scripting

Cross-site scripting XSS vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug I...

CVE-2006-1960

Cross-site scripting XSS vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug I...

Command injection

Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13, Hosting Solution Engine HSE and User Registration Tool URT before 20060419, and all versions of Ethernet Subscriber Solution Engine ESSE and CiscoWorks2000 Service Management Solution SMS allow local users to gain...

CVE-2006-1961

Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13, Hosting Solution Engine HSE and User Registration Tool URT before 20060419, and all versions of Ethernet Subscriber Solution Engine ESSE and CiscoWorks2000 Service Management Solution SMS allow local users to gain...

CVE-2006-1960

The CVE-2006-1960 issue affects CiscoWorks WLSE and WLSE Express prior to 2.13 in their appliance web UI. The vulnerability is an XSS flaw in the archiveApplyDisplay.jsp path, likely via the displayMsg parameter, enabling remote attackers to inject arbitrary web script/HTML. The connected sources...

CVE-2006-1960

Cross-site scripting XSS vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug I...

CVE-2006-1961

Cisco CiscoWorks Wireless LAN Solution Engine WLSE and WLSE Express before 2.13, Hosting Solution Engine HSE and User Registration Tool URT before 20060419, and all versions of Ethernet Subscriber Solution Engine ESSE and CiscoWorks2000 Service Management Solution SMS allow local users to gain...

CVE-2006-1961

CiscoWorks WLSE/WLSE Express <2.13, HSE and URT

Multiple Vulnerabilities in the WLSE Appliance

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

[Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance Advisory ID: cisco-sa-20060419-wlse http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml Revision 1.0 For Public Release 2006 April 19 1500 UTC GMT -...

CVE-2004-0391

CVE-2004-0391 affects Cisco WLSE (Wireless LAN Solution Engine) versions 2.0–2.5 and HSE (Hosting Solution Engine) 1.7–1.7.3, which contain a hardcoded username and password. The root cause is hardcoded credentials allowing remote attackers to add new users, modify existing users, and change conf...

Cisco Security Advisory: A default Username and Password in WLSE and HSE devices

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a re-release of the Advisory. In the previous Advisory release, it was incorrectly stated that the fix for this vulnerability is a configuration change. That has now been corrected. We apologize for any inconvenience, Cisco PSIRT - ------- Cis...

Cisco WLSE/HSE backdoor account

There hardcoded username/password to access device...

A Default Username and Password in WLSE and HSE Devices

...