Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-15 | CVE-2015-0699 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13) SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | 5.0 |
2015-04-15 | CVE-2015-0698 | Cross-site Scripting vulnerability in Cisco web Security Appliance Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. | 4.3 |
2015-04-15 | CVE-2015-0697 | Open Redirect vulnerability in Cisco Telepresence TC Software Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | 5.8 |
2015-04-15 | CVE-2015-0696 | Cross-site Scripting vulnerability in Cisco Telepresence TC Software Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. | 4.3 |
2015-04-11 | CVE-2015-0694 | Improper Access Control vulnerability in Cisco products Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | 5.0 |
2015-04-07 | CVE-2015-0690 | Cross-site Scripting vulnerability in Cisco Wireless LAN Controller Software Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178. | 4.3 |
2015-04-03 | CVE-2015-0684 | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 8.1(.4) SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 6.5 |
2015-04-03 | CVE-2015-0683 | Information Exposure vulnerability in Cisco Unified Communications Domain Manager 8.1(.4) Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 4.0 |
2015-04-03 | CVE-2015-0682 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Domain Manager 8.1(.4) Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | 6.5 |
2015-04-03 | CVE-2015-0687 | Resource Management Errors vulnerability in Cisco IOS 15.1(2)Sg4/15.1Sg The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. | 6.3 |