| CVE-2011-0966 |
medium |
— |
7.8 |
EXP |
|
cisco |
15y ago |
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (… |
| CVE-2011-0962 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote … |
| CVE-2011-0961 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2011-0960 |
high |
— |
8.5 |
EXP |
|
cisco |
15y ago |
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation… |
| CVE-2011-0959 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to i… |
| CVE-2011-1610 |
medium |
— |
6.4 |
|
|
cisco |
15y ago |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)s… |
| CVE-2011-1609 |
high |
— |
9.5 |
EXP |
|
cisco |
15y ago |
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote… |
| CVE-2011-1607 |
medium |
— |
6.5 |
|
|
cisco |
15y ago |
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) al… |
| CVE-2011-1606 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote a… |
| CVE-2011-1605 |
high |
— |
7.8 |
|
|
cisco |
15y ago |
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote … |
| CVE-2011-1604 |
high |
— |
7.1 |
|
|
cisco |
15y ago |
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers … |
| CVE-2011-0951 |
medium |
— |
6.0 |
EXP |
|
cisco |
15y ago |
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecifi… |
| CVE-2011-0963 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access r… |
| CVE-2011-0392 |
high |
— |
7.5 |
|
|
cisco |
16y ago |
Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on T… |
| CVE-2011-0391 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad h… |
| CVE-2011-0390 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process cra… |
| CVE-2011-0389 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport … |
| CVE-2011-0388 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote ac… |
| CVE-2011-0387 |
high |
— |
8.0 |
|
|
cisco |
16y ago |
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or … |
| CVE-2011-0380 |
high |
— |
7.5 |
|
|
cisco |
16y ago |
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562. |
| CVE-2011-0379 |
high |
— |
7.9 |
|
|
cisco |
16y ago |
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; … |
| CVE-2011-0378 |
high |
— |
8.3 |
|
|
cisco |
16y ago |
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command inje… |
| CVE-2011-0377 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed Te… |
| CVE-2011-0355 |
high |
— |
7.8 |
|
|
ciscovmware |
16y ago |
Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS … |
| CVE-2010-3270 |
medium |
— |
6.8 |
|
|
cisco |
16y ago |
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted … |
| CVE-2011-0352 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long st… |
| CVE-2010-4305 |
medium |
— |
5.0 |
|
|
cisco |
16y ago |
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI… |
| CVE-2010-4304 |
medium |
— |
6.4 |
|
|
cisco |
16y ago |
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic… |
| CVE-2010-4303 |
medium |
— |
4.9 |
|
linux-kernel |
cisco |
16y ago |
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover enc… |
| CVE-2010-4302 |
medium |
— |
4.9 |
|
linux-kernel |
cisco |
16y ago |
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) ad… |
| CVE-2010-3037 |
high |
— |
8.5 |
|
|
cisco |
16y ago |
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Ra… |
| CVE-2010-3039 |
medium |
— |
7.8 |
EXP |
|
cisco |
16y ago |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via … |
| CVE-2009-5008 |
low |
— |
2.1 |
|
|
cisco |
16y ago |
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a m… |
| CVE-2009-5007 |
low |
— |
3.3 |
|
|
cisco |
16y ago |
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |
| CVE-2010-2835 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7… |
| CVE-2010-2834 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x befor… |
| CVE-2010-2840 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which … |
| CVE-2010-2839 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, … |
| CVE-2010-2838 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote atta… |
| CVE-2010-2837 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5),… |
| CVE-2010-2987 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remo… |
| CVE-2010-2986 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allo… |
| CVE-2010-1577 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary file… |
| CVE-2010-1571 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows re… |
| CVE-2010-1570 |
high |
— |
7.8 |
|
|
cisco |
16y ago |
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote … |
| CVE-2010-1568 |
medium |
— |
5.0 |
|
|
cisco |
16y ago |
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to … |
| CVE-2010-0594 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. |
| CVE-2010-1174 |
medium |
— |
6.0 |
EXP |
|
cisco |
16y ago |
Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these d… |
| CVE-2010-0572 |
high |
— |
7.1 |
|
|
cisco |
17y ago |
Cisco Digital Media Manager (DMM) before 5.2 allows remote authenticated users to discover Cisco Digital Media Player credentials via vectors related to reading a (1) error log or (2) stack trace, ak… |
| CVE-2010-0571 |
high |
— |
8.5 |
|
|
cisco |
17y ago |
Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a … |
| CVE-2010-0592 |
high |
— |
7.8 |
|
|
cisco |
17y ago |
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1… |
| CVE-2010-0591 |
high |
— |
7.8 |
|
|
cisco |
17y ago |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process fai… |
| CVE-2010-0590 |
high |
— |
7.8 |
|
|
cisco |
17y ago |
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (p… |
| CVE-2010-0588 |
high |
— |
7.8 |
|
|
cisco |
17y ago |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process fai… |
| CVE-2010-0587 |
high |
— |
7.8 |
|
|
cisco |
17y ago |
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial o… |
| CVE-2010-0148 |
high |
— |
7.8 |
|
linux-kernel |
cisco |
17y ago |
Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets." |
| CVE-2010-0147 |
medium |
— |
6.5 |
|
|
cisco |
17y ago |
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitr… |
| CVE-2010-0146 |
medium |
— |
6.8 |
|
|
cisco |
17y ago |
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2010-0642 |
medium |
— |
6.0 |
EXP |
|
cisco |
17y ago |
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejh… |
| CVE-2010-0641 |
medium |
— |
5.3 |
EXP |
|
cisco |
17y ago |
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest pa… |
| CVE-2010-0440 |
medium |
— |
5.3 |
EXP |
|
cisco |
17y ago |
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); al… |
| CVE-2010-0142 |
high |
— |
8.5 |
|
|
cisco |
17y ago |
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. |
| CVE-2010-0141 |
medium |
— |
6.4 |
|
|
cisco |
17y ago |
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified auth… |
