Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-01-21 CVE-2013-1110 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center
Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
network
low complexity
cisco CWE-264
4.0
2013-01-21 CVE-2013-1108 Permissions, Privileges, and Access Controls vulnerability in Cisco Webex Training Center
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
network
low complexity
cisco CWE-264
4.0
2013-01-19 CVE-2012-6396 Resource Management Errors vulnerability in Cisco products
Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.
network
high complexity
cisco CWE-399
4.9
2013-01-17 CVE-2012-5429 Local Denial of Service vulnerability in Cisco VPN Client for Windows
The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.
local
low complexity
cisco microsoft
4.6
2013-01-17 CVE-2013-1109 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Training Center
Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.
network
cisco CWE-352
6.8
2013-01-17 CVE-2012-6397 Cross-Site Scripting vulnerability in Cisco Quad and Webex Social
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
network
cisco CWE-79
4.3
2013-01-17 CVE-2012-5444 Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Servers Software X7.0.3
Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.
network
low complexity
cisco CWE-264
5.0
2012-12-28 CVE-2012-5445 Improper Input Validation vulnerability in Cisco products
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
local
low complexity
cisco CWE-20
6.8
2012-12-19 CVE-2012-6007 Cross-Site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.
network
cisco CWE-79
4.3
2012-12-19 CVE-2012-5992 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtuser_create.html or (2) insert XSS sequences via the headline parameter to screens/base/web_auth_custom.html, aka Bug ID CSCud50283.
network
cisco CWE-352
6.8