Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-02-25 CVE-2008-6280 Cross-Site Scripting vulnerability in Cisco Wrt160N
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
network
cisco CWE-79
4.3
4.3
2009-02-06 CVE-2009-0471 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS 12.4(23)
Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request.
network
cisco CWE-352
6.8
6.8
2009-02-06 CVE-2009-0470 Cross-Site Scripting vulnerability in Cisco IOS 12.4(23)
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821.
network
cisco CWE-79
4.3
4.3
2009-02-05 CVE-2009-0058 Improper Input Validation vulnerability in Cisco products
The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.
low complexity
cisco CWE-20
6.1
6.1
2009-01-22 CVE-2009-0057 Improper Input Validation vulnerability in Cisco Unified Communications Manager
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
network
cisco CWE-20
4.3
4.3
2009-01-22 CVE-2008-3820 Remote Unauthorized TCP Port Access vulnerability in Cisco Security Manager IPS Event Viewer
Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
network
cisco
6.8
6.8
2009-01-16 CVE-2009-0056 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Ironport Encryption Appliance and Ironport Postx
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
network
cisco CWE-352
6.8
6.8
2009-01-16 CVE-2009-0055 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Ironport Encryption Appliance and Ironport Postx
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
network
cisco CWE-352
6.8
6.8
2009-01-16 CVE-2009-0054 Credentials Management vulnerability in Cisco Ironport Encryption Appliance and Ironport Postx
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
network
cisco CWE-255
4.3
4.3
2009-01-16 CVE-2009-0053 Cryptographic Issues vulnerability in Cisco Ironport Encryption Appliance and Ironport Postx
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
network
cisco CWE-310
4.3
4.3