Vulnerabilities > Cisco > Medium

| Date | CVE | Vulnerability title | Description | Access | Vendor, CWE | Risk score |
|---|---|---|---|---|---|---|
| 2015-05-29 | CVE-2015-0753 | Improper Input Validation vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) | SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. | network | cisco, CWE-20 | 6.8 |
| 2015-05-29 | CVE-2015-0752 | Cross-site Scripting vulnerability in Cisco TelePresence Video Communication Server X8.5.1 | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635. | network | cisco, CWE-79 | 4.3 |
| 2015-05-23 | CVE-2015-0750 | Permissions, Privileges, and Access Controls vulnerability in Cisco Hosted Collaboration Solution | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. | network, low complexity | cisco, CWE-264 | 6.5 |
| 2015-05-22 | CVE-2015-0746 | 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2) | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | network, low complexity | cisco, CWE-254 | 5.0 |
| 2015-05-21 | CVE-2015-0741 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hosted Collaboration Solution | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | network | cisco, CWE-352 | 6.8 |
| 2015-05-20 | CVE-2015-0740 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | network | cisco, CWE-352 | 6.8 |
| 2015-05-19 | CVE-2015-0739 | Improper Input Validation vulnerability in Cisco FireSIGHT System Software 5.3.0 | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | network, low complexity | cisco, CWE-20 | 4.0 |
| 2015-05-17 | CVE-2015-0738 | Cross-site Scripting vulnerability in Cisco Web Security Appliance 8.5.0-497 | Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008. | network | cisco, CWE-79 | 4.3 |
| 2015-05-17 | CVE-2015-0735 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal 10.5(1) | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | network | cisco, CWE-352 | 6.8 |
| 2015-05-16 | CVE-2015-0730 | Improper Input Validation vulnerability in Cisco Wide Area Application Services 6.0(1) | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. | network, low complexity | cisco, CWE-20 | 5.0 |