| CVE-2011-4237 | medium | — | 4.3 | | | cisco | 14y ago | CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary H… |
| CVE-2011-4232 | medium | — | 5.0 | | | cisco | 14y ago | The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate direc… |
| CVE-2011-4022 | medium | — | 5.0 | | | cisco | 14y ago | The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that… |
| CVE-2011-4019 | medium | — | 5.4 | | | cisco | 14y ago | Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted respo… |
| CVE-2012-0361 | medium | — | 5.0 | | | cisco | 14y ago | The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to c… |
| CVE-2012-0337 | medium | — | 6.5 | | | cisco | 14y ago | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
| CVE-2012-0333 | medium | — | 5.0 | | | cisco | 14y ago | Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML doc… |
| CVE-2011-4014 | medium | — | 4.0 | | | cisco | 14y ago | The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. |
| CVE-2011-3283 | medium | — | 5.0 | | | cisco | 14y ago | Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887. |
| CVE-2011-2583 | medium | — | 5.0 | | | cisco | 14y ago | Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth338… |
| CVE-2011-4487 | medium | — | 6.8 | | | cisco | 15y ago | SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edi… |
| CVE-2011-2042 | medium | — | 5.0 | | | cisco | 15y ago | The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and dat… |
| CVE-2011-2585 | medium | — | 6.5 | | | cisco | 15y ago | Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. |
| CVE-2011-3294 | medium | — | 4.3 | | | cisco | 15y ago | Cross-site scripting (XSS) vulnerability in the login page in the administrative interface on Cisco TelePresence Video Communication Servers (VCS) with software before X7.0 allows remote attackers to… |
| CVE-2011-2544 | low | — | 4.5 | EXP | | cisco | 15y ago | Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a c… |
| CVE-2011-2581 | medium | — | 5.0 | | | cisco | 15y ago | The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comment… |
| CVE-2011-2546 | medium | — | 5.0 | | | cisco | 15y ago | SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via … |
| CVE-2011-2678 | medium | — | 6.8 | | | cisco | 15y ago | The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing t… |
| CVE-2011-1647 | medium | — | 5.0 | | | cisco | 15y ago | The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2… |
| CVE-2011-0966 | medium | — | 7.8 | EXP | | cisco | 15y ago | Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (… |
| CVE-2011-0962 | medium | — | 5.3 | EXP | | cisco | 15y ago | Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote … |
| CVE-2011-0961 | medium | — | 5.3 | EXP | | cisco | 15y ago | Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2011-0959 | medium | — | 5.3 | EXP | | cisco | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to i… |
| CVE-2011-1610 | medium | — | 6.4 | | | cisco | 15y ago | Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)s… |
| CVE-2011-1607 | medium | — | 6.5 | | | cisco | 15y ago | Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) al… |
| CVE-2011-0951 | medium | — | 6.0 | EXP | | cisco | 15y ago | The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecifi… |
| CVE-2011-0963 | medium | — | 5.0 | | | cisco | 15y ago | The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access r… |
| CVE-2010-3270 | medium | — | 6.8 | | | cisco | 16y ago | Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted … |
| CVE-2010-4305 | medium | — | 5.0 | | | cisco | 16y ago | Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI… |
| CVE-2010-4304 | medium | — | 6.4 | | | cisco | 16y ago | The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic… |
| CVE-2010-4303 | medium | — | 4.9 | | linux-kernel | cisco | 16y ago | Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover enc… |
| CVE-2010-4302 | medium | — | 4.9 | | linux-kernel | cisco | 16y ago | /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) ad… |
| CVE-2010-3039 | medium | — | 7.8 | EXP | | cisco | 16y ago | /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via … |
| CVE-2009-5008 | low | — | 2.1 | | | cisco | 16y ago | Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a m… |
| CVE-2009-5007 | low | — | 3.3 | | | cisco | 16y ago | The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |
| CVE-2010-2987 | medium | — | 4.3 | | | cisco | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remo… |
| CVE-2010-2986 | medium | — | 4.3 | | | cisco | 16y ago | Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allo… |
| CVE-2010-1568 | medium | — | 5.0 | | | cisco | 16y ago | The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to … |
| CVE-2010-0594 | medium | — | 4.3 | | | cisco | 16y ago | Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. |
| CVE-2010-1174 | medium | — | 6.0 | EXP | | cisco | 16y ago | Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these d… |
| CVE-2010-0147 | medium | — | 6.5 | | | cisco | 17y ago | SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitr… |
| CVE-2010-0146 | medium | — | 6.8 | | | cisco | 17y ago | Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2010-0642 | medium | — | 6.0 | EXP | | cisco | 17y ago | Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejh… |
| CVE-2010-0641 | medium | — | 5.3 | EXP | | cisco | 17y ago | Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest pa… |
| CVE-2010-0440 | medium | — | 5.3 | EXP | | cisco | 17y ago | Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); al… |
| CVE-2010-0141 | medium | — | 6.4 | | | cisco | 17y ago | MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified auth… |