Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2013-07-31 CVE-2013-3425 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex 11.0
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
network
low complexity
cisco CWE-264
4.0
2013-07-29 CVE-2013-3445 Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572.
network
low complexity
cisco CWE-264
5.0
2013-07-25 CVE-2013-3431 Improper Authentication vulnerability in Cisco Video Surveillance Manager
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
network
low complexity
cisco CWE-287
7.8
2013-07-25 CVE-2013-3430 Improper Authentication vulnerability in Cisco Video Surveillance Manager
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.
network
low complexity
cisco CWE-287
critical
9.0
2013-07-25 CVE-2013-3429 Path Traversal vulnerability in Cisco Video Surveillance Manager
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
network
low complexity
cisco CWE-22
7.8
2013-07-24 CVE-2013-3438 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified MeetingPlace Web Conferencing
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
network
low complexity
cisco CWE-264
5.0
2013-07-23 CVE-2013-3440 Cross-Site Scripting vulnerability in Cisco Unified Operations Manager
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.
network
cisco CWE-79
4.3
2013-07-23 CVE-2013-3439 Cross-Site Scripting vulnerability in Cisco Unified Operations Manager
Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.
network
cisco CWE-79
4.3
2013-07-23 CVE-2013-3441 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco products
Cisco Aironet 3600 access points allow remote attackers to cause a denial of service (memory corruption and device crash) by disrupting Cisco Wireless LAN Controller communication and consequently forcing many transitions from FlexConnect mode to Standalone mode, aka Bug ID CSCuh71210.
network
high complexity
cisco CWE-119
5.4
2013-07-23 CVE-2013-3437 SQL Injection vulnerability in Cisco Unified Operations Manager
SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179.
network
low complexity
cisco CWE-89
6.5