Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2014-07-26 CVE-2014-3326 SQL Injection vulnerability in Cisco Security Manager 4.5/4.6
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
network
low complexity
cisco CWE-89
6.5
6.5
2014-07-26 CVE-2014-3324 Cross-Site Scripting vulnerability in Cisco Telepresence Server Software
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
network
cisco CWE-79
4.3
4.3
2014-07-26 CVE-2014-3305 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.
network
cisco CWE-352
6.8
6.8
2014-07-26 CVE-2014-3301 Information Exposure vulnerability in Cisco Webex Meetings Server
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
network
low complexity
cisco CWE-200
5.0
5.0
2014-07-24 CVE-2014-3322 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417.
low complexity
cisco CWE-20
6.1
6.1
2014-07-19 CVE-2014-3325 Cross-Site Scripting vulnerability in Cisco Unified Customer Voice Portal
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733.
network
cisco CWE-79
4.3
4.3
2014-07-18 CVE-2014-3323 Path Traversal vulnerability in Cisco Unified Contact Center Enterprise
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
network
low complexity
cisco CWE-22
4.0
4.0
2014-07-18 CVE-2014-3321 Improper Input Validation vulnerability in Cisco products
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. 		5.7
5.7
2014-07-18 CVE-2014-3320 Unspecified vulnerability in Cisco Unified Communications Domain Manager
Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
network
cisco
5.8
5.8
2014-07-18 CVE-2014-3306 Improper Input Validation vulnerability in Cisco products
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
network
low complexity
cisco CWE-20
critical
 10.0
10