Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-13 | CVE-2013-5489 | Permissions, Privileges, and Access Controls vulnerability in Cisco Socialminer The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125. | 5.0 |
| 2013-09-13 | CVE-2013-5482 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823. | 4.3 |
| 2013-09-12 | CVE-2013-5488 | Improper Input Validation vulnerability in Cisco products Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969. | 5.0 |
| 2013-09-12 | CVE-2013-3446 | Improper Input Validation vulnerability in Cisco Digital Media Manager Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849. | 5.8 |
| 2013-09-08 | CVE-2013-5483 | Cross-Site Scripting vulnerability in Cisco Socialminer Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868. | 4.3 |
| 2013-09-06 | CVE-2013-1228 | Cryptographic Issues vulnerability in Cisco Jabber Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280. | 4.3 |
| 2013-09-06 | CVE-2013-1119 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503. | 9.3 |
| 2013-09-06 | CVE-2013-1118 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645. | 9.3 |
| 2013-09-06 | CVE-2013-1117 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Recording Format Player Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCuc27639. | 9.3 |
| 2013-09-06 | CVE-2013-1116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Webex Advanced Recording Format Player Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383. | 9.3 |