2011-05-20
|
CVE-2011-0966
|
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
|
Ciscoworks_common_services
|
N/A
|
|
|
2004-11-23
|
CVE-2004-0079
|
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
|
Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Speed_technologies_litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Stonegate, Stonegate_vpn_client, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server
|
7.5
|
|
|
2004-11-23
|
CVE-2004-0081
|
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
|
Webstar, Mac_os_x, Mac_os_x_server, Converged_communications_server, Intuity_audix, S8300, S8500, S8700, Sg200, Sg203, Sg208, Sg5, Vsu, Cacheos_ca_sa, Proxysg, Firewall\-1, Provider\-1, Vpn\-1, Access_registrar, Application_and_content_networking_software, Call_manager, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Content_services_switch_11500, Css11000_content_services_switch, Css_secure_content_accelerator, Firewall_services_module, Gss_4480_global_site_selector, Gss_4490_global_site_selector, Ios, Mds_9000, Okena_stormwatch, Pix_firewall, Pix_firewall_software, Secure_content_accelerator, Threat_response, Webns, Bsafe_ssl\-J, Freebsd, Aaa_server, Apache\-Based_web_server, Hp\-Ux, Wbem, Speed_technologies_litespeed_web_server, Instant_virtual_extranet, Edirectory, Imanager, Openbsd, Openssl, Enterprise_linux, Enterprise_linux_desktop, Linux, Openssl, Openserver, Sidewinder, Propack, Servercluster, Stonebeat_fullcluster, Stonebeat_securitycluster, Stonebeat_webcluster, Stonegate, Stonegate_vpn_client, Crypto_accelerator_4000, Clientless_vpn_gateway_4400, Tarantella_enterprise, Gsx_server
|
N/A
|
|
|
2005-05-31
|
CVE-2005-0356
|
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
|
Alaxala_networks, Agent_desktop, Aironet_ap1200, Aironet_ap350, Call_manager, Ciscoworks_1105_hosting_solution_engine, Ciscoworks_1105_wireless_lan_solution_engine, Ciscoworks_access_control_list_manager, Ciscoworks_cd1, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Ciscoworks_lms, Ciscoworks_vpn_security_management_solution, Ciscoworks_windows, Ciscoworks_windows_wug, Conference_connection, Content_services_switch_11000, Content_services_switch_11050, Content_services_switch_11150, Content_services_switch_11500, Content_services_switch_11501, Content_services_switch_11503, Content_services_switch_11506, Content_services_switch_11800, E\-Mail_manager, Emergency_responder, Intelligent_contact_manager, Interactive_voice_response, Ip_contact_center_enterprise, Ip_contact_center_express, Meetingplace, Mgx_8230, Mgx_8250, Personal_assistant, Remote_monitoring_suite_option, Secure_access_control_server, Sn_5420_storage_router, Sn_5420_storage_router_firmware, Sn_5428_storage_router, Support_tools, Unity_server, Web_collaboration_option, Webns, Tmos, Freebsd, Alaxala, Gr3000, Gr4000, Gs4000, Windows_2000, Windows_2003_server, Windows_xp, 7220_wlan_access_point, 7250_wlan_access_point, Business_communications_manager, Callpilot, Contact_center, Ethernet_routing_switch_1612, Ethernet_routing_switch_1624, Ethernet_routing_switch_1648, Optical_metro_5000, Optical_metro_5100, Optical_metro_5200, Succession_communication_server_1000, Survivable_remote_gateway, Universal_signaling_point, Openbsd, Rt105, Rt250i, Rt300i, Rt57i, Rtv700, Rtx1000, Rtx1100, Rtx1500, Rtx2000
|
N/A
|
|
|
2012-05-03
|
CVE-2011-4237
|
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
|
Ciscoworks_common_services, Prime_lan_management_solution
|
N/A
|
|
|
2011-10-19
|
CVE-2011-3310
|
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
|
Ciscoworks_common_services, Windows
|
N/A
|
|
|
2011-10-22
|
CVE-2011-2042
|
The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
|
Ciscoworks_common_services
|
N/A
|
|
|
2010-10-29
|
CVE-2010-3036
|
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
|
Ciscoworks_common_services, Ciscoworks_lan_management_solution, Qos_policy_manager, Security_manager, Telepresence_readiness_assessment_manager, Unified_operations_manager, Unified_service_monitor
|
N/A
|
|
|
2009-05-21
|
CVE-2009-1161
|
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
|
Ciscoworks_common_services, Ciscoworks_health_and_utilization_monitor, Ciscoworks_lan_management_solution, Ciscoworks_qos_policy_manager, Ciscoworks_voice_manager, Security_manager, Telepresence_readiness_assessment_manager, Unified_operations_manager, Unified_provisioning_manager, Unified_service_monitor
|
N/A
|
|
|
2008-05-29
|
CVE-2008-2054
|
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
|
Ciscoworks_common_services
|
N/A
|
|
|