secure access control server solution engine vulnerabilities and exploits

(subscribe to this query)

Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine prior to 5.5(0.46.5) allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCuj629...

Cisco Secure Access Control Server Solution Engine 5.5.0.36 Cisco Secure Access Control Server Solution Engine 5.5.0.46.4 Cisco Secure Access Control Server Solution Engine 5.4.0.46.6

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.

Cisco Secure Access Control Server Solution Engine -

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.

Cisco Secure Access Control Server 5.7.0.15

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.

Cisco Secure Access Control Server 5.7.0.15

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.

Cisco Secure Access Control Server 5.7.0.15

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

Cisco Secure Access Control Server 5.7.0.15

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote malicious user to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsi...

Cisco Secure Access Control Server Solution Engine 5.8 Cisco Secure Access Control Server Solution Engine

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows prior to 4.1 and ACS Solution Engine prior to 4.1 allows remote malicious users to execute arbitrary code via a crafted RADIUS Accounting-Request packet.

Cisco Secure Access Control Server 3.0 Cisco Secure Access Control Server 3.1 Cisco Secure Access Control Server 3.2.2 Cisco Secure Access Control Server 3.3 Cisco Secure Access Control Server 3.2\\(1.20\\)Cisco Secure Access Control Server 3.2\\(2\\)Cisco Secure Access Control Server 4.0 Cisco Secure Access Control Server 4.0.1 Cisco Secure Access Control Server 3.2\\(3\\)Cisco Secure Access Control Server 3.2.1 Cisco Secure Access Control Server 3.2 Cisco Secure Access Control Server 3.2\\(1\\)Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Access Control Server 3.3.1 Cisco Secure Access Control Server 3.3.2

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows prior to 4.1 and ACS Solution Engine prior to 4.1 allow remote malicious users to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOT...

Cisco Secure Access Control Server 4.1 Cisco Secure Access Control Server

Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote malicious users to gain unauthorized access to AAA clients via a blank password.

Cisco Secure Access Control Server 3.0 Cisco Secure Access Control Server 3.1 Cisco Secure Access Control Server 3.2 Cisco Secure Acs Solution Engine Cisco Secure Access Control Server 3.3 Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Access Control Server 3.2\\(1\\)Cisco Secure Access Control Server 3.2\\(2\\)Cisco Secure Access Control Server 3.2\\(3\\)

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook