Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for user_changeable_password by cisco

    CVE-2008-0533 (GCVE-0-2008-0533)

    Vulnerability from nvd – Published: 2008-03-14 20:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.recurity-labs.com/content/pub/Recurity… x_refsource_MISC
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/489463/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28222 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0868 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/3743 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1019607 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29351 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
              },
              {
                "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
              },
              {
                "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
              },
              {
                "name": "28222",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28222"
              },
              {
                "name": "ADV-2008-0868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0868"
              },
              {
                "name": "3743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3743"
              },
              {
                "name": "1019607",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019607"
              },
              {
                "name": "cisco-acs-ucp-csusercgi-xss(41156)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
              },
              {
                "name": "29351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
            },
            {
              "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
            },
            {
              "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
            },
            {
              "name": "28222",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28222"
            },
            {
              "name": "ADV-2008-0868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0868"
            },
            {
              "name": "3743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3743"
            },
            {
              "name": "1019607",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019607"
            },
            {
              "name": "cisco-acs-ucp-csusercgi-xss(41156)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
            },
            {
              "name": "29351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-0533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt",
                  "refsource": "MISC",
                  "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
                },
                {
                  "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
                },
                {
                  "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
                },
                {
                  "name": "28222",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28222"
                },
                {
                  "name": "ADV-2008-0868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0868"
                },
                {
                  "name": "3743",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3743"
                },
                {
                  "name": "1019607",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019607"
                },
                {
                  "name": "cisco-acs-ucp-csusercgi-xss(41156)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
                },
                {
                  "name": "29351",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-0533",
        "datePublished": "2008-03-14T20:00:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0532 (GCVE-0-2008-0532)

    Vulnerability from nvd – Published: 2008-03-14 20:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.recurity-labs.com/content/pub/Recurity… x_refsource_MISC
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/489463/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28222 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0868 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/3743 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1019608 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29351 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.104Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
              },
              {
                "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
              },
              {
                "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
              },
              {
                "name": "28222",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28222"
              },
              {
                "name": "ADV-2008-0868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0868"
              },
              {
                "name": "3743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3743"
              },
              {
                "name": "cisco-acs-ucp-csusercgi-bo(41154)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
              },
              {
                "name": "1019608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019608"
              },
              {
                "name": "29351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
            },
            {
              "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
            },
            {
              "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
            },
            {
              "name": "28222",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28222"
            },
            {
              "name": "ADV-2008-0868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0868"
            },
            {
              "name": "3743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3743"
            },
            {
              "name": "cisco-acs-ucp-csusercgi-bo(41154)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
            },
            {
              "name": "1019608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019608"
            },
            {
              "name": "29351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-0532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt",
                  "refsource": "MISC",
                  "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
                },
                {
                  "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
                },
                {
                  "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
                },
                {
                  "name": "28222",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28222"
                },
                {
                  "name": "ADV-2008-0868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0868"
                },
                {
                  "name": "3743",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3743"
                },
                {
                  "name": "cisco-acs-ucp-csusercgi-bo(41154)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
                },
                {
                  "name": "1019608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019608"
                },
                {
                  "name": "29351",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-0532",
        "datePublished": "2008-03-14T20:00:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0533 (GCVE-0-2008-0533)

    Vulnerability from cvelistv5 – Published: 2008-03-14 20:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.recurity-labs.com/content/pub/Recurity… x_refsource_MISC
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/489463/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28222 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0868 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/3743 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1019607 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/29351 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
              },
              {
                "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
              },
              {
                "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
              },
              {
                "name": "28222",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28222"
              },
              {
                "name": "ADV-2008-0868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0868"
              },
              {
                "name": "3743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3743"
              },
              {
                "name": "1019607",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019607"
              },
              {
                "name": "cisco-acs-ucp-csusercgi-xss(41156)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
              },
              {
                "name": "29351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
            },
            {
              "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
            },
            {
              "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
            },
            {
              "name": "28222",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28222"
            },
            {
              "name": "ADV-2008-0868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0868"
            },
            {
              "name": "3743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3743"
            },
            {
              "name": "1019607",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019607"
            },
            {
              "name": "cisco-acs-ucp-csusercgi-xss(41156)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
            },
            {
              "name": "29351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-0533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt",
                  "refsource": "MISC",
                  "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
                },
                {
                  "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
                },
                {
                  "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
                },
                {
                  "name": "28222",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28222"
                },
                {
                  "name": "ADV-2008-0868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0868"
                },
                {
                  "name": "3743",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3743"
                },
                {
                  "name": "1019607",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019607"
                },
                {
                  "name": "cisco-acs-ucp-csusercgi-xss(41156)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41156"
                },
                {
                  "name": "29351",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-0533",
        "datePublished": "2008-03-14T20:00:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0532 (GCVE-0-2008-0532)

    Vulnerability from cvelistv5 – Published: 2008-03-14 20:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.recurity-labs.com/content/pub/Recurity… x_refsource_MISC
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/archive/1/489463/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/28222 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2008/0868 vdb-entryx_refsource_VUPEN
    http://securityreason.com/securityalert/3743 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1019608 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29351 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:55.104Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
              },
              {
                "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
              },
              {
                "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
              },
              {
                "name": "28222",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28222"
              },
              {
                "name": "ADV-2008-0868",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0868"
              },
              {
                "name": "3743",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3743"
              },
              {
                "name": "cisco-acs-ucp-csusercgi-bo(41154)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
              },
              {
                "name": "1019608",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019608"
              },
              {
                "name": "29351",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29351"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
            },
            {
              "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
            },
            {
              "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
            },
            {
              "name": "28222",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28222"
            },
            {
              "name": "ADV-2008-0868",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0868"
            },
            {
              "name": "3743",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3743"
            },
            {
              "name": "cisco-acs-ucp-csusercgi-bo(41154)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
            },
            {
              "name": "1019608",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019608"
            },
            {
              "name": "29351",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29351"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-0532",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt",
                  "refsource": "MISC",
                  "url": "http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt"
                },
                {
                  "name": "20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml"
                },
                {
                  "name": "20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489463/100/0/threaded"
                },
                {
                  "name": "28222",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28222"
                },
                {
                  "name": "ADV-2008-0868",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0868"
                },
                {
                  "name": "3743",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3743"
                },
                {
                  "name": "cisco-acs-ucp-csusercgi-bo(41154)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41154"
                },
                {
                  "name": "1019608",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019608"
                },
                {
                  "name": "29351",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29351"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-0532",
        "datePublished": "2008-03-14T20:00:00.000Z",
        "dateReserved": "2008-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:55.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }