Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-04-15 CVE-2015-0699 SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13)
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
network
low complexity
cisco CWE-89
5.0
2015-04-15 CVE-2015-0698 Cross-site Scripting vulnerability in Cisco Web Security Appliance
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.
network
cisco CWE-79
4.3
2015-04-15 CVE-2015-0697 Open Redirect vulnerability in Cisco Telepresence TC Software
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
network
cisco CWE-601
5.8
2015-04-15 CVE-2015-0696 Cross-site Scripting vulnerability in Cisco Telepresence TC Software
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
network
cisco CWE-79
4.3
2015-04-11 CVE-2015-0694 Improper Access Control vulnerability in Cisco products
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
network
low complexity
cisco CWE-284
5.0
2015-04-07 CVE-2015-0690 Cross-site Scripting vulnerability in Cisco Wireless LAN Controller Software
Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.
network
cisco CWE-79
4.3
2015-04-03 CVE-2015-0684 SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(.4)
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
network
low complexity
cisco CWE-89
6.5
2015-04-03 CVE-2015-0683 Information Exposure vulnerability in Cisco Unified Communications Domain Manager 8.1(.4)
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
network
low complexity
cisco CWE-200
4.0
2015-04-03 CVE-2015-0682 Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager 8.1(.4)
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
network
low complexity
cisco CWE-264
6.5
2015-04-03 CVE-2015-0687 Resource Management Errors vulnerability in Cisco IOS 15.1(2)Sg4/15.1Sg
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574.
network
cisco CWE-399
6.3