Vulnerabilities > Cisco > Secure Access Control Server > 3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-05-12 | CVE-2003-0210 | Unspecified vulnerability in Cisco Secure Access Control Server Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | 7.5 |
2002-10-04 | CVE-2002-0938 | Cross-Site Scripting vulnerability in Cisco Secure ACS Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | 7.5 |
2002-04-22 | CVE-2002-0160 | Unspecified vulnerability in Cisco Secure Access Control Server The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. | 5.0 |
2002-04-22 | CVE-2002-0159 | USE of Externally-Controlled Format String vulnerability in Cisco Secure Access Control Server Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | 7.5 |