6 matches found
CVE-2010-0440
The CVE-2010-0440 issue is a Cross-Site Scripting (XSS) vulnerability in Cisco Secure Desktop (CSCOT) translation path. Affects Cisco Secure Desktop 3.4.2048 and earlier than 3.5, and is also implicated in Cisco ASA appliances running before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...
CVE-2006-5394
The CVE-2006-5394 issue affects Cisco Secure Desktop (CSD) where the default configuration leaves the "Disable printing" option unchecked in Secure Desktop Settings. This could allow local users to read data sent to a printer during another user’s SSL VPN session. The vulnerability originates fro...
CVE-2011-0926
Cisco Secure Desktop (CSD) 3.x is affected by CVE-2011-0926 due to the CSDWebInstaller.ocx ActiveX control not properly validating the signature of a downloaded program during installation, enabling remote code execution by spoofing the CSD installation process. Exploitation details are described...
CVE-2006-5393
Cisco Secure Desktop (CSD) is affected by CVE-2006-5393 due to the ClearPageFileAtShutdown (CCE-Winv2.0-407) registry value not being required to equal 1. The result is a local disclosure risk where a local user could read memory pages written during another user’s SSL VPN session. Affected softw...
CVE-2011-0925
Cisco Secure Desktop (CSD) 3.x contains an ActiveX flaw in CSDWebInstaller.ocx (CSDWebInstallerCtrl) that allows remote code execution. The vulnerability stems from a lack of validation of executables downloaded by the CSDWebInstaller Web control, enabling an attacker to corrupt a downloaded prog...
CVE-2009-5008
Cisco Secure Desktop (CSD) together with an AnyConnect SSL VPN server is affected by CVE-2009-5008, where the component does not perform verification correctly, enabling local users to bypass policy restrictions via a modified executable file. Reports across multiple sources (NVD/Red Hat/CVE entr...