153 matches found
Cisco Ironport Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Ironport Bruteforce Login Utility', 'Description' = % This module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncO...
wsa-webdesign.de Cross Site Scripting vulnerability OBB-3279838
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-20942
CVE-2022-20942 concerns information disclosure in Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance (formerly WSA). The issue stems from weak enforcement of back-end authorization checks, allowing an authenticated, remote attacker to obtain s...
CVE-2022-20784
CVE-2022-20784 is a Cisco Web Security Appliance (WSA) filter-bypass vulnerability in the WBRS engine of Cisco AsyncOS. The issue stems from incorrect handling of certain URL character combinations, allowing an unauthenticated, remote attacker to bypass web request policies and access content blo...
CVE-2022-20784 Cisco Web Security Appliance Filter Bypass Vulnerability
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to...
CVE-2021-34698
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the pro...
CVE-2021-34698 Cisco Web Security Appliance Proxy Service Denial of Service Vulnerability
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the pro...
CVE-2021-34698
CVE-2021-34698 describes a DoS in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) caused by improper memory management. An unauthenticated, remote attacker can exhaust device memory by opening a large number of HTTPS connections, preventing new connections and potentiall...
Cisco Web Security Appliance (WSA) Server Name Identification Data Exfiltration (cisco-sa-sni-data-exfil-mFgzXqLN)
According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a vulnerability in Server Name Identification (SNI) request filtering that allows an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised...
CVE-2021-34749
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from...
Command injection
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
SUSE: Security Advisory (SUSE-SU-2019:3044-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2021-1490
CVE-2021-1490: Cisco Web Security Appliance (WSA) uses Cisco AsyncOS with a web-based management interface vulnerable to cross-site scripting (XSS) due to improper validation of user-supplied input. An unauthenticated, remote attacker can lure a user to upload a crafted file containing a malicio...
CVE-2021-1490 Cisco Web Security Appliance Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper...
CVE-2021-1271
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the...
CVE-2021-1129
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and...
CVE-2021-1271 Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the...
CVE-2019-15969
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...
CVE-2019-15969 Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of...