Lucene search
FelixEDB-ID:31394HistoryMar 12, 2008 - 12:00 a.m.
Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities
2008-03-1200:00:00
felix
www.exploit-db.com
13
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/28222/info
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.
http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Buffer overflow
2008-03-14 20:44:00
saint
saint
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
Cisco Secure ACS UCP CSuserCGI.exe buffer overflow
2008-04-07 00:00:00
cvelist
cvelist
CVE-2008-0532
2008-03-14 20:00:00
cve
cve
CVE-2008-0532
2008-03-14 20:44:00
nvd
nvd
CVE-2008-0532
2008-03-14 20:44:00
packetstorm
packetstorm
RecurityLabs_Cisco_ACS_UCP_advisory.txt
2008-03-13 00:00:00
seebug
seebug
Cisco User-Changeable Password(UCP)CSuserCGI.exe缓冲区溢出及跨站脚本漏洞
2008-03-15 00:00:00
securityvulns
securityvulns
Cisco SecureACS buffer overflow
2008-03-13 00:00:00
cisco
cisco