Vulnerabilities > Cisco > Low

DATE CVE VULNERABILITY TITLE RISK
2006-06-28 CVE-2006-3289 Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
network
high complexity
cisco
2.6
2006-06-19 CVE-2006-3073 Cross-Site Scripting vulnerability in Cisco VPN3K/ASA WebVPN Clientless Mode
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA).
network
high complexity
cisco
2.6
2006-05-04 CVE-2006-2166 Privilege Escalation vulnerability in Cisco Unity Express Expired Password
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
network
high complexity
cisco
2.1
2005-11-30 CVE-2005-3921 HTML Injection vulnerability in Cisco IOS HTTP Service
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages.
network
high complexity
cisco
2.6
2005-11-02 CVE-2005-3427 Unspecified vulnerability in Cisco Ciscoworks Management Center for IPS Sensors 2.1
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection.
local
low complexity
cisco
2.1
2005-08-03 CVE-2005-2451 Unspecified vulnerability in Cisco IOS and IOS XR
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
local
low complexity
cisco
2.1
2002-10-04 CVE-2002-0881 Unspecified vulnerability in Cisco products
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
local
low complexity
cisco
2.1
2001-10-18 CVE-2001-0741 Denial of Service vulnerability in Cisco HSRP
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
local
low complexity
cisco
2.1
2001-10-10 CVE-2001-1098 Unspecified vulnerability in Cisco PIX Firewall Manager 4.3(2)G
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
local
low complexity
cisco
2.1
2001-07-02 CVE-2001-0444 Unspecified vulnerability in Cisco Cbos 2.3.053/2.4.1
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
local
low complexity
cisco
2.1