Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-05 | CVE-2009-1162 | Cross-Site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter. | 4.3 |
2009-05-06 | CVE-2009-1561 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt54Gc 1.05.7 Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. | 6.8 |
2009-05-06 | CVE-2009-1557 | Cross-Site Scripting vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi. | 4.3 |
2009-05-06 | CVE-2009-1555 | Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24 The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390. | 5.0 |
2009-04-13 | CVE-2009-1287 | Cross-Site Scripting vulnerability in Cisco Subscriber Edge Services Manager Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2009-04-09 | CVE-2009-1160 | Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277. | 4.3 |
2009-04-09 | CVE-2009-1156 | Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet. | 5.7 |
2009-04-01 | CVE-2009-1220 | Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance and IOS Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header. | 4.3 |
2009-03-27 | CVE-2009-0629 | Unspecified vulnerability in Cisco IOS The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | 5.4 |
2009-02-26 | CVE-2009-0624 | Remote vulnerability in Multiple Cisco ACE Products Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet. | 6.8 |