8 matches found
CVE-2018-1233
RSA Authentication Agent for Web for IIS and for Apache Web Server (versions 8.0.1 and earlier) are affected by a cross-site scripting (CVE-2018-1233) vulnerability that could allow an attacker to execute arbitrary HTML/JavaScript in a user’s browser session. Public details in multiple sources de...
CVE-2018-1234
CVE-2018-1234 affects RSA Authentication Agent for Web for IIS versions 8.0.1 and earlier. The root cause is insufficient ACL protections on a Windows Named Pipe, allowing a local attacker to read configuration properties of the authentication agent. Exploitation requires local access; no remote ...
CVE-2018-1232
CVE-2018-1232 affects RSA Authentication Agent for Web (IIS and Apache) up to version 8.0.1, vulnerable to a stack-based buffer overflow when processing certain malformed web cookies. This can crash the authentication agent, causing a denial of service. Other sources reiterate similar vulnerabili...
CVE-2005-1118
CVE-2005-1118 describes a cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll of the RSA Authentication Agent for Web 5.2. The flaw allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. The CVE entry lists the affected product as RSA Authentication A...
CVE-2017-14377
Summary: CVE-2017-14377 affects EMC RSA Authentication Agent for Web for Apache Web Server 8.0 and 8.0.1 prior to Build 618. A remote authentication bypass vulnerability is described; the exact exploit path is not detailed in the provided documents. The Nessus entry also notes an unspecified auth...
CVE-2005-4734
CVE-2005-4734 describes a stack-based buffer overflow in IISWebAgentIF.dll of the RSA Authentication Agent for Web (SecurID Web Agent) for IIS. A long url parameter in the Redirect method can allow remote attackers to execute arbitrary code. Affected are RSA SecurID Web Agent for IIS versions 5.2...
CVE-2005-3329
CVE-2005-3329 is an XSS vulnerability in RSA Authentication Agent for Web 5.3 and earlier that allows injection of script or HTML via the image parameter in a GetPic operation. Exploitation details in the sources show an advisory and PoC context around XSS in RSA’s web login flow; vendor fix is R...
CVE-2010-3261
The CVE-2010-3261 entry covers a directory traversal in RSA Authentication Agent 7.0 before P2 for Web that could allow remote reading of unspecified data. The exact attack vectors, affected components, and impact details are not disclosed in the provided documents. No remediation or patch inform...