Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-08-10 CVE-2010-2986 Cross-Site Scripting vulnerability in Cisco Wireless Control System Software
Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.
network, cisco, CWE-79
Risk: 4.3

2010-06-29 CVE-2009-4922 Unspecified vulnerability in Cisco ASA 5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (traceback) by establishing many IPsec L2L tunnels from remote peer IP addresses, aka Bug ID CSCso15583.
network, low complexity, cisco
Risk: 6.8

2010-06-29 CVE-2009-4916 Unspecified vulnerability in Cisco ASA 5580
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote authenticated users to cause a denial of service (console hang) via a login action during failover replication, aka Bug ID CSCsq80095.
network, low complexity, cisco
Risk: 4.0

2010-06-29 CVE-2009-4913 Permissions, Privileges, and Access Controls vulnerability in Cisco ASA 5580
The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) exposes IP services on the "far side of the box," which might allow remote attackers to bypass intended access restrictions via IPv6 packets, aka Bug ID CSCso58622.
network, low complexity, cisco, CWE-264
Risk: 5.0

2010-06-29 CVE-2009-4910 Cross-Site Scripting vulnerability in Cisco ASA 5580
Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418.
network, cisco, CWE-79
Risk: 4.3

2010-06-29 CVE-2008-7257 Improper Input Validation vulnerability in Cisco ASA 5580 8.1(1)
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163.
network, cisco, CWE-20
Risk: 4.3

2010-05-26 CVE-2010-2082 Credentials Management vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 has a default administrative password (aka SAPassword) of W2402, which makes it easier for remote attackers to obtain privileged access.
network, low complexity, cisco, CWE-255
Risk: 5.0

2010-05-26 CVE-2010-2026 Improper Authentication vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.
network, low complexity, cisco, CWE-287
Risk: 6.4

2010-05-26 CVE-2010-2025 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Scientific Atlanta Webstar Dpc2100R2 2.0.2R1256060303
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
network, cisco, CWE-352
Risk: 6.8

2010-05-14 CVE-2010-1568 Cryptographic Issues vulnerability in Cisco Ironport Desktop Flag Plugin for Outlook 6.2.4.3
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623.
network, low complexity, cisco, CWE-310
Risk: 5.0