Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-14 | CVE-2008-0026 | SQL Injection vulnerability in Cisco products SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | 6.5 |
| 2008-01-23 | CVE-2008-0029 | Credentials Management vulnerability in Cisco Application Velocity System 5.0.1 Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | 10.0 |
| 2008-01-17 | CVE-2008-0324 | Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090 Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. | 4.9 |
| 2008-01-17 | CVE-2008-0027 | Buffer Errors vulnerability in Cisco products Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | 10.0 |
| 2007-12-20 | CVE-2007-5584 | Denial Of Service vulnerability in Cisco Firewall Services Module 3.2(3) Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | 7.8 |
| 2007-12-18 | CVE-2007-5583 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940 Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | 7.8 |
| 2007-12-15 | CVE-2007-5582 | Cross-Site Scripting vulnerability in Cisco Ciscoworks Server 2.6 Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-12-15 | CVE-2007-5580 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Security Agent Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. | 10.0 |
| 2007-11-30 | CVE-2007-6190 | Information Exposure vulnerability in Cisco Unified IP Phone The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | 3.5 |
| 2007-11-08 | CVE-2007-5581 | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | 4.3 |