Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-18 | CVE-2006-3594 | Remote vulnerability in Cisco Unified CallManager Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. | 7.5 |
| 2006-07-18 | CVE-2006-3593 | Remote vulnerability in Cisco Unified CallManager The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | 4.0 |
| 2006-07-18 | CVE-2006-3592 | Remote vulnerability in Cisco Unified CallManager Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | 4.6 |
| 2006-06-28 | CVE-2006-3291 | Configuration vulnerability in Cisco IOS 12.3(8)Ja/12.3(8)Ja1 The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | 9.3 |
| 2006-06-28 | CVE-2006-3290 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | 5.0 |
| 2006-06-28 | CVE-2006-3289 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | 2.6 |
| 2006-06-28 | CVE-2006-3288 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | 5.0 |
| 2006-06-28 | CVE-2006-3287 | Multiple Security vulnerability in Cisco Wireless Control System Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | 7.5 |
| 2006-06-28 | CVE-2006-3286 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | 7.5 |
| 2006-06-28 | CVE-2006-3285 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40) The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | 7.5 |