12 matches found
CVE-2005-0356
CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2011-0961
CVE-2011-0961 is a Cross-site scripting (XSS) vulnerability affecting Cisco Unified Operations Manager and CiscoWorks Common Services Framework Help Servlet. The issue resides in the cwhp/device.center.do API (Help servlet) where an attacker can inject arbitrary script via the device parameter (B...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2011-0966
CVE-2011-0966 is a directory traversal vulnerability in Cisco Unified Operations Manager/CuOM related to the cwhp/auditLog.do endpoint of the Homepage Auditing component (Cisco Works Common Services 3.3 and earlier). An attacker can read arbitrary files by supplying a crafted file parameter (.. p...
CVE-2011-4237
The CVE-2011-4237 issue is a CRLF injection/HTTP response-splitting vulnerability in CiscoWorks Common Services 4.0 used with Cisco Prime LAN Management Solution and related products. Root cause: improper sanitization of user input in Autologin.jsp, enabling an unauthenticated remote attacker to ...
CVE-2009-1161
CVE-2009-1161 describes a directory traversal vulnerability in CiscoWorks Common Services (CWCS) 3.0.x–3.2.x on Windows when the TFTP service is enabled. An unauthenticated remote attacker could access arbitrary files via CWCS TFTP, affecting multiple Cisco products that rely on CWCS (e.g., Unifi...
CVE-2011-3310
CVE-2011-3310 affects CiscoWorks Common Services for Microsoft Windows (pre-4.1). The Home Page component allows an authenticated remote attacker to execute arbitrary commands via a crafted URL, with system administrator privileges on the affected host. The vulnerability impacts multiple CiscoWor...
CVE-2011-2042
The CVE-2011-2042 entry affects CiscoWorks Common Services 3.x and 4.x (before 4.1) in the Sybase SQL Anywhere database component. Affected component exposes potentially sensitive information (engine name and database port) via an unspecified request to UDP port 2638. Root cause/technical specifi...
CVE-2010-3036
CiscoWorks Common Services web server module contains multiple buffer overflows in the Cisco-developed authentication code, enabling remote, unauthenticated code execution with system administrator privileges via sessions on TCP ports 443 or 1741. Affected: CiscoWorks Common Services prior to ver...
CVE-2008-2054
CVE-2008-2054 affects CiscoWorks Common Services versions 3.0.3 through 3.1.1. The Cisco advisory and accompanying sources describe a remote arbitrary-code execution vulnerability exploitable by an attacker from the network, leading to code execution on the user’s client machine. Cisco’s document...