Cisco Ciscoworks Common Services vulnerabilities

12 known vulnerabilities affecting cisco/ciscoworks_common_services.

Total CVEs
12
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2011-4237MEDIUMCVSS 4.3v4.02012-05-03
CVE-2011-4237 [MEDIUM] CWE-94 CVE-2011-4237: CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Ci CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
nvd
CVE-2011-2042MEDIUMCVSS 5.0v3.0v3.0.3+8 more2011-10-22
CVE-2011-2042 [MEDIUM] CWE-200 CVE-2011-2042: The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4. The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
nvd
CVE-2011-3310CRITICALCVSS 9.0≤ 4.0.1v2.2+6 more2011-10-20
CVE-2011-3310 [CRITICAL] CWE-94 CVE-2011-3310: The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoW The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a cr
nvd
CVE-2011-0961MEDIUMCVSS 4.3PoC≤ 3.3v1.0+9 more2011-05-20
CVE-2011-0961 [MEDIUM] CWE-79 CVE-2011-0961: Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco Cisco Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
nvd
CVE-2011-0966MEDIUMCVSS 6.8PoC≤ 3.3v1.0+9 more2011-05-20
CVE-2011-0966 [MEDIUM] CWE-22 CVE-2011-0966: Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco Ci Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
nvd
CVE-2010-3036CRITICALCVSS 10.0v3.0.5v3.0.6+4 more2010-10-29
CVE-2010-3036 [CRITICAL] CWE-119 CVE-2010-3036: Multiple buffer overflows in the authentication functionality in the web-server module in Cisco Cisc Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
nvd
CVE-2009-1161CRITICALCVSS 10.0v3.0.3v3.0.4+5 more2009-05-21
CVE-2009-1161 [CRITICAL] CWE-22 CVE-2009-1161: Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0 Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrar
nvd
CVE-2008-2054CRITICALCVSS 9.3v3.0.3v3.0.4+4 more2008-05-29
CVE-2008-2054 [CRITICAL] CVE-2008-2054: Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote atta Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
nvd
CVE-2005-0356MEDIUMCVSS 5.0PoCv2.22005-05-31
CVE-2005-0356 [MEDIUM] CVE-2005-0356: Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timest Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
nvd
CVE-2004-0079HIGHCVSS 7.5v2.22004-11-23
CVE-2004-0079 [HIGH] CWE-476 CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
nvd
CVE-2004-0081MEDIUMCVSS 5.0v2.22004-11-23
CVE-2004-0081 [MEDIUM] CVE-2004-0081: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote atta OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
nvd
CVE-2004-0112MEDIUMCVSS 5.0v2.22004-11-23
CVE-2004-0112 [MEDIUM] CWE-125 CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
nvd