Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-16 | CVE-2013-1244 | Cross-Site Scripting vulnerability in Cisco Webex Social Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199. | 3.5 |
2013-05-16 | CVE-2013-1236 | Improper Input Validation vulnerability in Cisco products Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763. | 7.8 |
2013-05-16 | CVE-2013-1200 | Improper Authentication vulnerability in Cisco Secure Access Control System Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. | 6.8 |
2013-05-16 | CVE-2013-1188 | Improper Authentication vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. | 5.0 |
2013-05-13 | CVE-2013-1136 | Resource Management Errors vulnerability in Cisco IOS The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. | 4.6 |
2013-05-10 | CVE-2013-1242 | Resource Management Errors vulnerability in Cisco Unified Presence Server Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. | 5.0 |
2013-05-09 | CVE-2013-1225 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. | 7.8 |
2013-05-09 | CVE-2013-1224 | Path Traversal vulnerability in Cisco Unified Customer Voice Portal Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369. | 7.8 |
2013-05-09 | CVE-2013-1223 | Improper Input Validation vulnerability in Cisco Unified Customer Voice Portal The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. | 7.8 |
2013-05-09 | CVE-2013-1222 | Configuration vulnerability in Cisco Unified Customer Voice Portal The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379. | 7.8 |