Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2015-04-22 CVE-2015-0704 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified MeetingPlace 8.6(1.9)
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.
network
cisco CWE-352
6.8
2015-04-21 CVE-2015-0703 Cross-site Scripting vulnerability in Cisco Unified MeetingPlace 8.6(1.9)
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.
network
cisco CWE-79
4.3
2015-04-21 CVE-2015-0702 Improper Input Validation vulnerability in Cisco Unified MeetingPlace 8.6(1.9)
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
network
low complexity
cisco CWE-20
critical
9.0
2015-04-17 CVE-2015-0700 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server Solution Engine 5.4.0.46.6/5.5.0.36/5.5.0.46.4
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.
network
cisco CWE-352
6.8
2015-04-17 CVE-2015-0695 Resource Management Errors vulnerability in Cisco IOS XR
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957.
network
low complexity
cisco CWE-399
7.8
2015-04-17 CVE-2015-0691 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Desktop
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
network
cisco CWE-264
critical
9.3
2015-04-15 CVE-2015-0699 SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13)
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
network
low complexity
cisco CWE-89
5.0
2015-04-15 CVE-2015-0698 Cross-site Scripting vulnerability in Cisco Web Security Appliance
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.
network
cisco CWE-79
4.3
2015-04-15 CVE-2015-0697 Open Redirect vulnerability in Cisco TelePresence TC Software
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
network
cisco CWE-601
5.8
2015-04-15 CVE-2015-0696 Cross-site Scripting vulnerability in Cisco TelePresence TC Software
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
network
cisco CWE-79
4.3