Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-06-05 CVE-2009-1162 Cross-Site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.
network
cisco CWE-79
4.3
2009-05-06 CVE-2009-1561 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Wrt54Gc 1.05.7
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters.
network
cisco CWE-352
6.8
2009-05-06 CVE-2009-1557 Cross-Site Scripting vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24
Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allow remote attackers to inject arbitrary web script or HTML via the next_file parameter to (1) main.cgi, (2) img/main.cgi, or (3) adm/file.cgi; or (4) the this_file parameter to adm/file.cgi.
network
cisco CWE-79
4.3
2009-05-06 CVE-2009-1555 Information Exposure vulnerability in Cisco Wvc54Gca 1.00R22/1.00R24
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a related issue to CVE-2008-4390.
network
low complexity
cisco CWE-200
5.0
2009-04-13 CVE-2009-1287 Cross-Site Scripting vulnerability in Cisco Subscriber Edge Services Manager
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI.
network
cisco CWE-79
4.3
2009-04-09 CVE-2009-1160 Permissions, Privileges, and Access Controls vulnerability in Cisco Adaptive Security Appliance 5500 and PIX
Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.
network
cisco CWE-264
4.3
2009-04-09 CVE-2009-1156 Unspecified vulnerability in Cisco Adaptive Security Appliance 5500 and PIX
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.
5.7
2009-04-01 CVE-2009-1220 Cross-Site Scripting vulnerability in Cisco Adaptive Security Appliance and IOS
Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in WebVPN on the Cisco Adaptive Security Appliances (ASA) 5520 with software 7.2(4)30 and earlier 7.2 versions including 7.2(2)22, and 8.0(4)28 and earlier 8.0 versions, when clientless mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the Host HTTP header.
network
cisco CWE-79
4.3
2009-03-27 CVE-2009-0629 Unspecified vulnerability in Cisco IOS
The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allow remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets.
network
high complexity
cisco
5.4
2009-02-26 CVE-2009-0624 Remote vulnerability in Multiple Cisco ACE Products
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
network
low complexity
cisco
6.8