Vulnerabilities > Cisco > Low

DATE CVE VULNERABILITY TITLE RISK
2006-11-08 CVE-2006-5806 Multiple vulnerabilities in Cisco Secure Desktop
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
local
low complexity
cisco
2.1
2006-10-18 CVE-2006-5393 Information Disclosure vulnerability in Cisco Secure Desktop SSL VPN Session
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
local
low complexity
cisco
2.1
2006-10-18 CVE-2006-5394 Information Disclosure vulnerability in Cisco Secure Desktop SSL VPN Session
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
local
low complexity
cisco
2.1
2006-09-21 CVE-2006-4909 Cross-Site Scripting vulnerability in Cisco Guard DDoS Mitigation Appliance 5.1(5)
Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
network
high complexity
cisco
2.6
2006-09-09 CVE-2006-4650 Remote Security vulnerability in IOS 12.0/12.1/12.2
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
network
high complexity
cisco
2.6
2006-06-28 CVE-2006-3289 Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
network
high complexity
cisco
2.6
2006-06-19 CVE-2006-3073 Cross-Site Scripting vulnerability in Cisco VPN3K/ASA WebVPN Clientless Mode
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA).
network
high complexity
cisco
2.6
2006-05-04 CVE-2006-2166 Privilege Escalation vulnerability in Cisco Unity Express Expired Password
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
network
high complexity
cisco
2.1
2005-11-30 CVE-2005-3921 HTML Injection vulnerability in Cisco IOS HTTP Service
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages.
network
high complexity
cisco
2.6
2005-11-02 CVE-2005-3427 Unspecified vulnerability in Cisco Ciscoworks Management Center for IPS Sensors 2.1
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection.
local
low complexity
cisco
2.1