Vulnerabilities > Cisco > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-06-28 | CVE-2006-3289 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) | Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | 2.6 |
2006-06-19 | CVE-2006-3073 | Cross-Site Scripting vulnerability in Cisco VPN3K/ASA WebVPN Clientless Mode | Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). | 2.6 |
2006-05-04 | CVE-2006-2166 | Privilege Escalation vulnerability in Cisco Unity Express Expired Password | Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | 2.1 |
2005-11-30 | CVE-2005-3921 | HTML Injection vulnerability in Cisco IOS HTTP Service | Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. | 2.6 |
2005-11-02 | CVE-2005-3427 | Unspecified vulnerability in Cisco Ciscoworks Management Center for IPS Sensors 2.1 | The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection. | 2.1 |
2005-08-03 | CVE-2005-2451 | Unspecified vulnerability in Cisco IOS and IOS XR | Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | 2.1 |
2002-10-04 | CVE-2002-0881 | Unspecified vulnerability in Cisco products | Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. | 2.1 |
2001-10-18 | CVE-2001-0741 | Denial of Service vulnerability in Cisco HSRP | Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. | 2.1 |
2001-10-10 | CVE-2001-1098 | Unspecified vulnerability in Cisco PIX Firewall Manager 4.3(2)G | Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file. | 2.1 |
2001-07-02 | CVE-2001-0444 | Unspecified vulnerability in Cisco Cbos 2.3.053/2.4.1 | Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. | 2.1 |