Vulnerabilities > Cisco > Secure Access Control Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-05-02 | CVE-2011-3317 | Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 5.2 Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. | 4.3 |
| 2012-05-02 | CVE-2011-3293 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server 5.2 Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. | 6.8 |
| 2008-09-04 | CVE-2008-2441 | Resource Management Errors vulnerability in Cisco Secure Access Control Server and Secure ACS Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. | 7.5 |
| 2007-01-09 | CVE-2007-0105 | Remote vulnerability in Cisco Secure Access Control Server Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | 7.5 |
| 2006-12-31 | CVE-2006-4098 | Remote vulnerability in Cisco Secure Access Control Server Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | 10.0 |
| 2006-12-31 | CVE-2006-4097 | Remote vulnerability in Cisco Secure Access Control Server Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. | 7.8 |
| 2006-06-26 | CVE-2006-3226 | Authentication Bypass vulnerability in Cisco Secure ACS Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | 7.5 |
| 2006-06-21 | CVE-2006-3101 | Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 2.3 Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. network cisco | 4.3 |
| 2006-05-10 | CVE-2006-0561 | Unspecified vulnerability in Cisco Secure Access Control Server Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. | 7.2 |
| 2005-05-31 | CVE-2005-0356 | Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | 5.0 |