Vulnerabilities > Cisco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-09 | CVE-2006-4032 | Information Disclosure vulnerability in Cisco Callmanager Express 3.0 Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | 5.0 |
2006-07-21 | CVE-2006-3734 | Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. | 7.2 |
2006-07-21 | CVE-2006-3733 | Permissions, Privileges, and Access Controls vulnerability in Cisco Security Monitoring Analysis and Response System 4.2.0 jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. | 7.5 |
2006-07-21 | CVE-2006-3732 | Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | 5.0 |
2006-07-18 | CVE-2006-3596 | Denial Of Service vulnerability in Cisco Intrusion Prevention System Malformed Packet The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. | 5.0 |
2006-07-18 | CVE-2006-3595 | Authentication Bypass vulnerability in Cisco Router web Setup 3.3.0Build30 The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. | 7.5 |
2006-07-18 | CVE-2006-3594 | Remote vulnerability in Cisco Unified CallManager Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. | 7.5 |
2006-07-18 | CVE-2006-3593 | Remote vulnerability in Cisco Unified CallManager The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | 4.0 |
2006-07-18 | CVE-2006-3592 | Remote vulnerability in Cisco Unified CallManager Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | 4.6 |
2006-06-28 | CVE-2006-3291 | Configuration vulnerability in Cisco IOS 12.3(8)Ja/12.3(8)Ja1 The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | 9.3 |