5 matches found
CVE-2007-1467
The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...
CVE-2007-5382
The CVE-2007-5382 entry concerns the CiscoWorks WLSE conversion utility (versions 4.1.91.0 and earlier) that converts to Cisco WCS. The underlying issue is that the conversion process creates administrator accounts with default usernames and passwords, enabling remote attackers to gain privileges...
CVE-2006-1961
CiscoWorks WLSE/WLSE Express <2.13, HSE and URT
CVE-2004-0391
CVE-2004-0391 affects Cisco WLSE (Wireless LAN Solution Engine) versions 2.0–2.5 and HSE (Hosting Solution Engine) 1.7–1.7.3, which contain a hardcoded username and password. The root cause is hardcoded credentials allowing remote attackers to add new users, modify existing users, and change conf...
CVE-2006-1960
The CVE-2006-1960 issue affects CiscoWorks WLSE and WLSE Express prior to 2.13 in their appliance web UI. The vulnerability is an XSS flaw in the archiveApplyDisplay.jsp path, likely via the displayMsg parameter, enabling remote attackers to inject arbitrary web script/HTML. The connected sources...