Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-07-26 | CVE-2014-3326 | SQL Injection vulnerability in Cisco Security Manager 4.5/4.6 SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | 6.5 |
2014-07-26 | CVE-2014-3324 | Cross-Site Scripting vulnerability in Cisco Telepresence Server Software Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. | 4.3 |
2014-07-26 | CVE-2014-3305 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. | 6.8 |
2014-07-26 | CVE-2014-3301 | Information Exposure vulnerability in Cisco Webex Meetings Server The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | 5.0 |
2014-07-24 | CVE-2014-3322 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. | 6.1 |
2014-07-19 | CVE-2014-3325 | Cross-Site Scripting vulnerability in Cisco Unified Customer Voice Portal Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727, CSCuh61731, and CSCuh61733. | 4.3 |
2014-07-18 | CVE-2014-3323 | Path Traversal vulnerability in Cisco Unified Contact Center Enterprise Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | 4.0 |
2014-07-18 | CVE-2014-3321 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. | 5.7 |
2014-07-18 | CVE-2014-3320 | Unspecified vulnerability in Cisco Unified Communications Domain Manager Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. network cisco | 5.8 |
2014-07-18 | CVE-2014-3306 | Improper Input Validation vulnerability in Cisco products The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. | 10.0 |