Vulnerabilities > Cisco

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor | Risk |
|---|---|---|---|---|---|---|---|
| 2006-12-31 | CVE-2006-4098 | Remote vulnerability in Cisco Secure Access Control Server | Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | network | low | cisco | critical 10.0 |
| 2006-12-31 | CVE-2006-4097 | Remote vulnerability in Cisco Secure Access Control Server | Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. | network | low | cisco | 7.8 |
| 2006-11-08 | CVE-2006-5808 | Multiple vulnerability in Cisco Secure Desktop | The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | local | low | cisco | 4.6 |
| 2006-11-08 | CVE-2006-5807 | Multiple vulnerability in Cisco Secure Desktop | Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | local | low | cisco | 4.6 |
| 2006-11-08 | CVE-2006-5806 | Multiple vulnerability in Cisco Secure Desktop | SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. | local | low | cisco | 2.1 |
| 2006-11-03 | CVE-2006-5660 | Authentication Bypass vulnerability in Cisco Security Agent Management Center 5.1 | Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | network | low | cisco | 7.5 |
| 2006-10-26 | CVE-2006-5553 | Remote Port Scan Denial of Service vulnerability in Cisco products | Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. | network | low | cisco | 7.8 |
| 2006-10-18 | CVE-2006-5394 | Information Disclosure vulnerability in Cisco Secure Desktop SSL VPN Session | The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. | local | low | cisco | 2.1 |
| 2006-10-18 | CVE-2006-5393 | Information Disclosure vulnerability in Cisco Secure Desktop SSL VPN Session | Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | local | low | cisco | 2.1 |
| 2006-10-13 | CVE-2006-5288 | Unspecified vulnerability in Cisco 2700 Wireless Location Appliance 1.1.73.0 | Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. | network | low | cisco | critical 10.0 |