Vulmon Recent Vulnerabilities Trends Blog About Contact

linux vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2006-3285
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955)....
Cisco Wireless Control System
5
CVSSv2
CVE-2006-3290
HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request....
Cisco Wireless Control System
7.5
CVSSv2
CVE-2006-3287
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391)....
Cisco Wireless Control System
2.6
CVSSv2
CVE-2006-3289
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious...
Cisco Wireless Control System
5
CVSSv2
CVE-2006-3288
Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via...
Cisco Wireless Control System
10
CVSSv2
CVE-2012-6392
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779....
Cisco Prime Lan Management Solution 4.1Cisco Prime Lan Management Solution 4.2Cisco Prime Lan Management Solution 4.2.1Cisco Prime Lan Management Solution 4.2.2
5
CVSSv2
CVE-2002-1491
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges....
Cisco Vpn 5000 Client 5.1.2Cisco Vpn 5000 Client 5.2.1
9.3
CVSSv2
CVE-2012-2493
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader...
Cisco Anyconnect Secure Mobility Client 2.0Cisco Anyconnect Secure Mobility Client 2.1Cisco Anyconnect Secure Mobility Client 2.2Cisco Anyconnect Secure Mobility Client 2.2.128Cisco Anyconnect Secure Mobility Client 2.2.133Cisco Anyconnect Secure Mobility Client 2.2.136Cisco Anyconnect Secure Mobility Client 2.2.140Cisco Anyconnect Secure Mobility Client 2.3Cisco Anyconnect Secure Mobility Client 2.3.185Cisco Anyconnect Secure Mobility Client 2.3.254Cisco Anyconnect Secure Mobility Client 2.3.2016Cisco Anyconnect Secure Mobility Client 2.4Cisco Anyconnect Secure Mobility Client 2.4.0202Cisco Anyconnect Secure Mobility Client 2.4.1012Cisco Anyconnect Secure Mobility Client 2.5Cisco Anyconnect Secure Mobility Client 3.0
4.3
CVSSv2
CVE-2012-2494
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a...
Cisco Anyconnect Secure Mobility Client 2.0Cisco Anyconnect Secure Mobility Client 2.1Cisco Anyconnect Secure Mobility Client 2.2Cisco Anyconnect Secure Mobility Client 2.2.128Cisco Anyconnect Secure Mobility Client 2.2.133Cisco Anyconnect Secure Mobility Client 2.2.136Cisco Anyconnect Secure Mobility Client 2.2.140Cisco Anyconnect Secure Mobility Client 2.3Cisco Anyconnect Secure Mobility Client 2.3.185Cisco Anyconnect Secure Mobility Client 2.3.254Cisco Anyconnect Secure Mobility Client 2.3.2016Cisco Anyconnect Secure Mobility Client 2.4Cisco Anyconnect Secure Mobility Client 2.4.0202Cisco Anyconnect Secure Mobility Client 2.4.1012Cisco Anyconnect Secure Mobility Client 2.5Cisco Anyconnect Secure Mobility Client 3.0
4.3
CVSSv2
CVE-2012-2495
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a...
Cisco Anyconnect Secure Mobility Client 3.0Cisco Secure Desktop 3.1Cisco Secure Desktop 3.1.1Cisco Secure Desktop 3.1.1.27Cisco Secure Desktop 3.1.1.33Cisco Secure Desktop 3.1.1.45Cisco Secure Desktop 3.2Cisco Secure Desktop 3.2.1Cisco Secure Desktop 3.3Cisco Secure Desktop 3.4Cisco Secure Desktop 3.4.1Cisco Secure Desktop 3.4.2Cisco Secure Desktop 3.4.2048Cisco Secure Desktop 3.5Cisco Secure Desktop 3.5.841Cisco Secure Desktop 3.5.1077Cisco Secure Desktop 3.5.2001Cisco Secure Desktop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-3691insecure direct object referenceCVE-2021-1140CVE-2021-2109information disclosureCVE-2021-1303CVE-2021-1304IDORCVE-2020-14882