Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-22 | CVE-2014-0672 | Permissions, Privileges, and Access Controls vulnerability in Cisco Mediasense The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. | 4.0 |
2014-01-22 | CVE-2014-0671 | Improper Input Validation vulnerability in Cisco Mediasense Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. | 5.8 |
2014-01-22 | CVE-2014-0670 | Cross-Site Scripting vulnerability in Cisco Mediasense Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. | 4.3 |
2014-01-22 | CVE-2014-0669 | Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. | 5.0 |
2014-01-20 | CVE-2014-0668 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949. | 4.3 |
2014-01-16 | CVE-2014-0667 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | 6.3 |
2014-01-16 | CVE-2014-0666 | Path Traversal vulnerability in Cisco Jabber Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | 4.3 |
2014-01-16 | CVE-2013-6687 | Credentials Management vulnerability in Cisco Webex Meetings Server The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. | 4.0 |
2014-01-15 | CVE-2014-0665 | Permissions, Privileges, and Access Controls vulnerability in Cisco Identity Services Engine Software The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904. | 4.0 |
2014-01-10 | CVE-2014-0664 | Resource Management Errors vulnerability in Cisco Unity Connection The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976. | 6.8 |