| CVE-2011-2678 |
medium |
— |
6.8 |
|
|
cisco |
15y ago |
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing t… |
| CVE-2011-1647 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2… |
| CVE-2011-0966 |
medium |
— |
7.8 |
EXP |
|
cisco |
15y ago |
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (… |
| CVE-2011-0962 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote … |
| CVE-2011-0961 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTM… |
| CVE-2011-0959 |
medium |
— |
5.3 |
EXP |
|
cisco |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to i… |
| CVE-2011-1610 |
medium |
— |
6.4 |
|
|
cisco |
15y ago |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)s… |
| CVE-2011-1607 |
medium |
— |
6.5 |
|
|
cisco |
15y ago |
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) al… |
| CVE-2011-0951 |
medium |
— |
6.0 |
EXP |
|
cisco |
15y ago |
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecifi… |
| CVE-2011-0963 |
medium |
— |
5.0 |
|
|
cisco |
15y ago |
The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access r… |
| CVE-2010-3270 |
medium |
— |
6.8 |
|
|
cisco |
16y ago |
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted … |
| CVE-2010-4305 |
medium |
— |
5.0 |
|
|
cisco |
16y ago |
Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI… |
| CVE-2010-4304 |
medium |
— |
6.4 |
|
|
cisco |
16y ago |
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic… |
| CVE-2010-4303 |
medium |
— |
4.9 |
|
linux-kernel |
cisco |
16y ago |
Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover enc… |
| CVE-2010-4302 |
medium |
— |
4.9 |
|
linux-kernel |
cisco |
16y ago |
/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) ad… |
| CVE-2010-3039 |
medium |
— |
7.8 |
EXP |
|
cisco |
16y ago |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via … |
| CVE-2010-2987 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remo… |
| CVE-2010-2986 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allo… |
| CVE-2010-1568 |
medium |
— |
5.0 |
|
|
cisco |
16y ago |
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to … |
| CVE-2010-0594 |
medium |
— |
4.3 |
|
|
cisco |
16y ago |
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467. |
| CVE-2010-1174 |
medium |
— |
6.0 |
EXP |
|
cisco |
16y ago |
Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these d… |
| CVE-2010-0147 |
medium |
— |
6.5 |
|
|
cisco |
17y ago |
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitr… |
| CVE-2010-0146 |
medium |
— |
6.8 |
|
|
cisco |
17y ago |
Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2010-0642 |
medium |
— |
6.0 |
EXP |
|
cisco |
17y ago |
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejh… |
| CVE-2010-0641 |
medium |
— |
5.3 |
EXP |
|
cisco |
17y ago |
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest pa… |
| CVE-2010-0440 |
medium |
— |
5.3 |
EXP |
|
cisco |
17y ago |
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); al… |
| CVE-2010-0141 |
medium |
— |
6.4 |
|
|
cisco |
17y ago |
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified auth… |
