Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-05-21 | CVE-2015-0741 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Solution Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | 6.8 |
2015-05-20 | CVE-2015-0740 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | 6.8 |
2015-05-19 | CVE-2015-0739 | Improper Input Validation vulnerability in Cisco Firesight System Software 5.3.0 The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | 4.0 |
2015-05-17 | CVE-2015-0738 | Cross-site Scripting vulnerability in Cisco web Security Appliance 8.5.0497 Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. | 4.3 |
2015-05-17 | CVE-2015-0735 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal 10.5(1) Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | 6.8 |
2015-05-16 | CVE-2015-0730 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.0(1) The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. | 5.0 |
2015-05-16 | CVE-2015-0729 | Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.5(0.1) Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. | 4.3 |
2015-05-16 | CVE-2015-0726 | Improper Input Validation vulnerability in Cisco Wireless LAN Controller Software The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. | 6.8 |
2015-05-16 | CVE-2015-0723 | Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software 7.5.102.0/7.5.102.11/7.6.100.0 The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. | 6.1 |
2015-05-16 | CVE-2015-0717 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 10.0(1.10000.12) Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | 6.9 |