Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-10 | CVE-2014-0663 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. | 4.3 |
2014-01-10 | CVE-2014-0658 | Improper Input Validation vulnerability in Cisco products Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. | 5.4 |
2014-01-10 | CVE-2013-6974 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | 4.3 |
2014-01-08 | CVE-2014-0657 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | 4.0 |
2014-01-08 | CVE-2014-0656 | Improper Input Validation vulnerability in Cisco Context Directory Agent Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353. | 4.0 |
2014-01-08 | CVE-2014-0655 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | 4.3 |
2014-01-08 | CVE-2014-0654 | Improper Input Validation vulnerability in Cisco Context Directory Agent Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | 4.3 |
2014-01-08 | CVE-2014-0653 | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340. | 4.3 |
2014-01-08 | CVE-2014-0652 | Cross-Site Scripting vulnerability in Cisco Context Directory Agent Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358. | 4.3 |
2014-01-08 | CVE-2014-0651 | Permissions, Privileges, and Access Controls vulnerability in Cisco Context Directory Agent The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347. | 4.9 |