Search Results (Refine Search)
- CPE Product Version: cpe:/a:cisco:secure_desktop:3.2.0.136
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-0691 |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. Published: April 16, 2015; 9:59:25 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2495 |
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. Published: June 20, 2012; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-0589 |
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876. Published: April 15, 2010; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0440 |
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. Published: February 03, 2010; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |