Vulnerabilities > Cisco

DATE CVE VULNERABILITY TITLE RISK
2008-03-14 CVE-2008-1157 Improper Input Validation vulnerability in Cisco Ciscoworks Internetwork Performance Monitor 2.6
Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands.
network, low complexity, cisco CWE-20, critical, 10.0
2008-03-14 CVE-2008-0533 Cross-Site Scripting vulnerability in Cisco products
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
network, cisco CWE-79, 4.3
2008-03-14 CVE-2008-0532 Buffer Errors vulnerability in Cisco products
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
network, low complexity, cisco CWE-119, critical, 10.0
2008-03-03 CVE-2008-1113 Information Exposure vulnerability in Vocera Communications Vocera Communications Badge
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
network, low complexity, cisco vocera-communications CWE-200, 7.8
2008-02-15 CVE-2008-0531 Buffer Errors vulnerability in Cisco products
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
network, cisco CWE-119, critical, 9.3
2008-02-15 CVE-2008-0530 Buffer Errors vulnerability in Cisco products
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
network, low complexity, cisco CWE-119, critical, 10.0
2008-02-15 CVE-2008-0529 Buffer Errors vulnerability in Cisco products
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
network, low complexity, cisco CWE-119, critical, 10.0
2008-02-15 CVE-2008-0528 Buffer Errors vulnerability in Cisco products
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.
network, low complexity, cisco CWE-119, critical, 10.0
2008-02-15 CVE-2008-0527 Improper Input Validation vulnerability in Cisco products
The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.
network, low complexity, cisco CWE-20, 7.8
2008-02-15 CVE-2008-0526 Improper Input Validation vulnerability in Cisco products
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.
network, low complexity, cisco CWE-20, 7.8