Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-23 | CVE-2013-5486 | OS Command Injection vulnerability in Cisco Prime Data Center Network Manager Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. | 10.0 |
2013-09-20 | CVE-2013-3473 | Improper Authentication vulnerability in Cisco Prime Central FOR Hosted Collaboration Solution Assurance The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. | 7.8 |
2013-09-20 | CVE-2012-4082 | Improper Input Validation vulnerability in Cisco Unified Computing System MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. | 6.8 |
2013-09-20 | CVE-2012-4081 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Computing System MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. | 4.6 |
2013-09-20 | CVE-2013-5501 | Cross-Site Scripting vulnerability in Cisco Mediasense Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. | 4.3 |
2013-09-20 | CVE-2013-5500 | Cross-Site Scripting vulnerability in Cisco Mediasense Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. | 4.3 |
2013-09-20 | CVE-2013-1130 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. | 6.8 |
2013-09-20 | CVE-2012-4093 | Improper Input Validation vulnerability in Cisco Unified Computing System The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186. | 4.6 |
2013-09-20 | CVE-2012-4083 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Unified Computing System Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. | 4.0 |
2013-09-20 | CVE-2012-4074 | Credentials Management vulnerability in Cisco Unified Computing System The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by leveraging knowledge of this key, aka Bug ID CSCte90338. | 5.8 |