source: http://www.securityfocus.com/bid/28222/info

Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.

The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.

http://www.example.com/securecgi-bin/CSUserCGI.exe?Logout+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBB.xyzab.c.hacker.

CVE: CVE-2008-0532
OSVDB: 42961
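
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web access-log lines for CSUserCGI.exe requests carrying an oversized argument or markup characters. The log lines, the 64-character threshold and the '+'-separated argument split (inferred from the request above) are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the advisory gives no legitimate maximum argument length;
# 64 is a placeholder to tune against normal UCP traffic.
MAX_ARG_LEN = 64

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2008:10:00:00 +0000] "GET /securecgi-bin/CSUserCGI.exe?Logout+user1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Mar/2008:10:00:05 +0000] "GET /securecgi-bin/CSUserCGI.exe?Logout+' + "A" * 200 + ' HTTP/1.1" 500 0',
    '192.0.2.12 - - [12/Mar/2008:10:00:09 +0000] "GET /securecgi-bin/CSUserCGI.exe?Help+%3Cb%3E HTTP/1.1" 200 734',
    '192.0.2.13 - - [12/Mar/2008:10:00:12 +0000] "GET /index.html?q=' + "A" * 200 + ' HTTP/1.1" 200 90',
]

def inspect_line(line):
    """Return a list of findings for one access-log line (empty if clean)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    # Only the UCP CGI is in scope; other paths are ignored.
    if not path.lower().endswith("/csusercgi.exe"):
        return []
    # Assumed layout: action name first, then '+'-separated arguments.
    action, *args = query.split("+")
    findings = []
    longest = max((len(a) for a in args), default=0)
    if longest > MAX_ARG_LEN:
        findings.append(f"oversized {action} argument ({longest} chars)")
    # Decode percent-escapes so encoded markup is not missed.
    if MARKUP_RE.search(unquote(query)):
        findings.append(f"markup characters in {action} request")
    return findings

def scan(lines):
    """Map line index -> findings for every line that raised at least one."""
    return {i: f for i, line in enumerate(lines) if (f := inspect_line(line))}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(f"line {idx}: {'; '.join(found)}")
```
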