Cisco vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2009-07-29 CVE-2009-1164 Resource Management Errors vulnerability in Cisco products
The administrative web interface on the Cisco Wireless LAN Controller (WLC) platform 4.2 before 4.2.205.0 and 5.x before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (device reload) via a malformed response to a (1) HTTP or (2) HTTPS authentication request, aka Bug ID CSCsx03715.
network
low complexity
cisco CWE-399
7.8
2009-07-16 CVE-2009-2048 Cross-Site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.
network
cisco CWE-79
3.5
2009-07-16 CVE-2009-2047 Path Traversal vulnerability in Cisco products
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
network
low complexity
cisco CWE-22
critical
9.0
2009-06-25 CVE-2009-1203 Authentication Form Phishing vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709.
network
cisco
6.0
2009-06-25 CVE-2009-1202 Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.
network
cisco CWE-79
4.3
2009-06-25 CVE-2009-1201 Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance 8.0(4)/8.1.2/8.2.1
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
network
cisco CWE-79
4.3
2009-06-25 CVE-2009-2046 Information Exposure vulnerability in Cisco Video Surveillance 2500 Series IP Camera
The embedded web server on the Cisco Video Surveillance 2500 Series IP Camera with firmware before 2.1 allows remote attackers to read arbitrary files via a (1) http or (2) https request, related to the (a) SD Camera Web Server and the (b) Wireless Camera HTTP Server, aka Bug IDs CSCsu05515 and CSCsr96497.
network
low complexity
cisco CWE-200
6.8
2009-06-25 CVE-2009-2045 Unspecified vulnerability in Cisco Video Surveillance Stream Manager 5.0/5.1
The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924.
network
low complexity
cisco
7.8
2009-06-25 CVE-2009-1163 Resource Management Errors vulnerability in Cisco Physical Access Gateway
Memory leak on the Cisco Physical Access Gateway with software before 1.1 allows remote attackers to cause a denial of service (memory consumption) via unspecified TCP packets.
network
low complexity
cisco CWE-399
7.8
2009-06-15 CVE-2009-2073 Cross-Site Request Forgery (CSRF) vulnerability in Cisco WRT160N 1.02.2
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstrated using administrator privileges and actions.
network
cisco CWE-352
6.8