Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-09-16 CVE-2013-5496 Improper Input Validation vulnerability in Cisco NX-OS
Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote authenticated users to cause a denial of service (network-element reload) via a crafted packet, aka Bug ID CSCui51551.
network
cisco CWE-20
6.3
2013-09-16 CVE-2013-5495 Cross-Site Scripting vulnerability in Cisco Unified MeetingPlace
Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.
network
cisco CWE-79
4.3
2013-09-16 CVE-2013-5494 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
network
cisco CWE-352
6.8
2013-09-13 CVE-2013-5493 Improper Input Validation vulnerability in Cisco products
The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407.
local
low complexity
cisco CWE-20
6.8
2013-09-13 CVE-2013-5492 Cryptographic Issues vulnerability in Cisco SocialMiner
administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.
network
low complexity
cisco CWE-310
5.0
2013-09-13 CVE-2013-5489 Permissions, Privileges, and Access Controls vulnerability in Cisco SocialMiner
The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.
network
low complexity
cisco CWE-264
5.0
2013-09-13 CVE-2013-5482 Permissions, Privileges, and Access Controls vulnerability in Cisco Prime LAN Management Solution
Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823.
network
cisco CWE-264
4.3
2013-09-12 CVE-2013-5488 Improper Input Validation vulnerability in Cisco products
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote attackers to cause a denial of service (memory consumption) via simultaneous TCP sessions, aka Bug IDs CSCuh54766, CSCuh01267, CSCuh95976, and CSCuh95969.
network
low complexity
cisco CWE-20
5.0
2013-09-12 CVE-2013-3446 Improper Input Validation vulnerability in Cisco Digital Media Manager
Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.
network
cisco CWE-20
5.8
2013-09-08 CVE-2013-5483 Cross-Site Scripting vulnerability in Cisco SocialMiner
Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868.
network
cisco CWE-79
4.3