| CVE-2015-0747 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. |
| CVE-2015-0757 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by read… |
| CVE-2015-0756 |
medium |
— |
6.1 |
|
|
cisco |
11y ago |
Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka B… |
| CVE-2015-0755 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug… |
| CVE-2015-0754 |
high |
— |
7.5 |
|
|
cisco |
11y ago |
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. |
| CVE-2015-0753 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified… |
| CVE-2015-0752 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… |
| CVE-2015-0751 |
high |
— |
7.8 |
|
|
cisco |
11y ago |
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
| CVE-2015-0722 |
high |
— |
7.8 |
|
|
cisco |
11y ago |
The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a… |
| CVE-2014-2174 |
high |
— |
8.3 |
|
|
cisco |
11y ago |
Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local… |
| CVE-2015-0750 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fiel… |
| CVE-2015-0746 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. |
| CVE-2015-0742 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 10… |
| CVE-2015-0741 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of… |
| CVE-2015-0740 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
| CVE-2015-0739 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Con… |
| CVE-2015-0735 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. |
| CVE-2015-0730 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug… |
| CVE-2015-0729 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion atta… |
| CVE-2015-0717 |
medium |
— |
6.9 |
|
|
cisco |
11y ago |
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
| CVE-2015-0736 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. |
| CVE-2015-0728 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. |
| CVE-2015-0727 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID C… |
| CVE-2015-0634 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted … |
| CVE-2015-0716 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitr… |
| CVE-2015-0715 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspe… |
| CVE-2015-0714 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parame… |
| CVE-2015-0707 |
low |
— |
3.5 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML v… |
| CVE-2015-0706 |
medium |
— |
5.8 |
|
|
cisco |
11y ago |
Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct … |
| CVE-2015-0705 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of … |
| CVE-2015-0704 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS… |
| CVE-2015-0703 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2015-0700 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attac… |
| CVE-2015-0699 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands … |
| CVE-2015-0698 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject ar… |
| CVE-2015-0696 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbi… |
| CVE-2015-0693 |
high |
— |
7.2 |
|
|
cisco |
11y ago |
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execut… |
| CVE-2015-0692 |
high |
— |
7.2 |
|
|
cisco |
11y ago |
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execut… |
| CVE-2015-0616 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… |
| CVE-2015-0615 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows… |
| CVE-2015-0614 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… |
| CVE-2015-0613 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… |
| CVE-2015-0612 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… |
| CVE-2015-0684 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified… |
| CVE-2015-0683 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. |
| CVE-2015-0682 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. |
| CVE-2015-0680 |
medium |
— |
4.0 |
|
|
cisco |
11y ago |
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq4… |
| CVE-2015-0671 |
medium |
— |
5.0 |
|
|
cisco |
11y ago |
The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consump… |
| CVE-2015-0668 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified ve… |
| CVE-2015-0664 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted m… |
| CVE-2015-0665 |
medium |
— |
6.6 |
|
|
cisco |
11y ago |
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. |
| CVE-2015-0663 |
medium |
— |
6.6 |
|
|
cisco |
11y ago |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,… |
| CVE-2015-0662 |
high |
— |
7.2 |
|
|
cisco |
11y ago |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation,… |
| CVE-2015-0660 |
high |
— |
7.2 |
|
|
cisco |
11y ago |
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller admini… |
| CVE-2015-0654 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of servic… |
| CVE-2015-0652 |
high |
— |
7.8 |
|
|
cisco |
11y ago |
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remo… |
| CVE-2014-2130 |
medium |
— |
6.5 |
|
|
cisco |
11y ago |
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configu… |
| CVE-2015-0655 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vect… |
| CVE-2015-0651 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows… |
| CVE-2015-0594 |
medium |
— |
4.3 |
|
|
cisco |
11y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers… |
| CVE-2015-0633 |
medium |
— |
6.8 |
|
|
cisco |
11y ago |
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending cr… |
| CVE-2015-0631 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections … |
| CVE-2015-0618 |
high |
— |
7.1 |
|
|
cisco |
11y ago |
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (lin… |
| CVE-2015-0584 |
high |
— |
7.2 |
|
|
cisco |
11y ago |
The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspeci… |
| CVE-2015-0626 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. |
| CVE-2015-0621 |
high |
— |
7.8 |
|
|
cisco |
12y ago |
Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. |
| CVE-2015-0620 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via P… |
| CVE-2015-0617 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13… |
| CVE-2014-8023 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users t… |
| CVE-2015-0580 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute ar… |
| CVE-2014-3365 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the… |
| CVE-2014-2153 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID … |
| CVE-2014-2152 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. |
| CVE-2014-2147 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspe… |
| CVE-2013-5557 |
medium |
— |
6.3 |
|
|
cisco |
12y ago |
The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of servic… |
| CVE-2014-8021 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitra… |
| CVE-2015-0597 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67… |
| CVE-2015-0596 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. |
| CVE-2015-0595 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. |
| CVE-2015-0581 |
high |
— |
7.5 |
|
|
cisco |
12y ago |
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity de… |
| CVE-2014-8008 |
medium |
— |
7.8 |
EXP |
|
cisco |
12y ago |
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full p… |
| CVE-2015-0590 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action… |
| CVE-2015-0591 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. |
| CVE-2015-0588 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. |
| CVE-2014-8034 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing username… |
| CVE-2014-8022 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSC… |
| CVE-2015-0583 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. |
| CVE-2015-0579 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, … |
| CVE-2014-3314 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka … |
| CVE-2014-8036 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. |
| CVE-2014-8035 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts… |
| CVE-2014-8020 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malfo… |
| CVE-2014-8033 |
medium |
— |
5.0 |
|
|
cisco |
12y ago |
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. |
| CVE-2014-8032 |
medium |
— |
4.0 |
|
|
cisco |
12y ago |
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. |
| CVE-2014-8031 |
medium |
— |
6.8 |
|
|
cisco |
12y ago |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. |
| CVE-2014-8030 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. |
| CVE-2014-8029 |
medium |
— |
5.8 |
|
|
cisco |
12y ago |
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspe… |
| CVE-2014-8028 |
medium |
— |
4.3 |
|
|
cisco |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified para… |
| CVE-2014-8027 |
medium |
— |
6.5 |
|
|
cisco |
12y ago |
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … |
| CVE-2014-7999 |
high |
— |
7.7 |
|
|
cisco |
12y ago |
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, … |
