13 matches found
CVE-2007-1467
The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...
CVE-2007-5382
The CVE-2007-5382 entry concerns the CiscoWorks WLSE conversion utility (versions 4.1.91.0 and earlier) that converts to Cisco WCS. The underlying issue is that the conversion process creates administrator accounts with default usernames and passwords, enabling remote attackers to gain privileges...
CVE-2012-5990
CVE-2012-5990 describes reflected XSS in the Health Monitor login pages of Cisco Prime NCS/WCS. Affected component: Health Monitor Login pages. Root cause: input validation error leading to reflection of HTML/script (CWE-79). Impact stated: attacker can execute arbitrary script in the user’s brow...
CVE-2006-3289
CVE-2006-3289 denotes a cross-site scripting (XSS) vulnerability in the login page of the Cisco Wireless Control System (WCS) HTTP interface for Linux and Windows, affecting versions prior to 3.2(51). The issue allows remote attackers to inject arbitrary web script or HTML via vectors involving a m...
CVE-2007-2032
Cisco Wireless Control System (WCS) prior to 4.0.96.0 contains a hard-coded FTP username and password used for backup operations. This credential flaw can allow remote attackers to read and modify arbitrary files via unspecified vectors related to the FTP server’s properties (Bug CSCse93014). The...
CVE-2006-3285
The CVE-2006-3285 entry concerns Cisco Wireless Control System (WCS) prior to version 3.2(51). The internal database uses an undocumented, hard-coded username and password, enabling remote authenticated users to read and potentially modify sensitive configuration data (CSCsd15955). Connected docu...
CVE-2006-3288
CVE-2006-3288 affects Cisco Wireless Control System (WCS) TFTP server on Linux/Windows. The vulnerability arises when the configured directory path name contains a space character, allowing remote authenticated users to read and overwrite arbitrary files via unspecified vectors. Affected versions...
CVE-2007-2033
Summary (CVE-2007-2033): Cisco Wireless Control System (WCS) is affected by an unspecified vulnerability in versions before 4.0.81.0. The issue allows remote authenticated users to read any configuration page by changing the group membership of user accounts (Bug ID CSCse78596). The NVD entry li...
CVE-2007-2034
Cisco Wireless Control System (WCS) prior to 4.0.87.0 contains a privilege-escalation flaw that allows a remote attacker who is authenticated to WCS to add their account to the SuperUsers group via the configuration page, due to insufficient access controls. Impacted component: WCS application and...
CVE-2006-3290
Cisco WCS on Linux/Windows prior to 3.2(51) stores sensitive information under the web root with insufficient access control, enabling remote retrieval of usernames and directory paths via a direct URL. Affected product: Cisco Wireless Control System (WCS). Root cause: improper access control ove...
CVE-2007-2035
Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, allowing remote attackers to obtain network organization data by direct requests to files in certain directories. This summary is based on the primary CVE-2007-203...
CVE-2006-3287
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier is affected by a credential disclosure issue due to a default administrator username "root" and password "public," which allows remote attackers to gain access. This exposes partial confidentiality, integrity, and availa...
CVE-2006-3286
The CVE-2006-3286 entry concerns Cisco Wireless Control System (WCS) for Linux and Windows prior to 3.2(63). The vulnerability arises from a hard-coded username and password stored in plaintext in unspecified files within the WCS database, enabling remote authenticated users to access the databas...