Vulnerabilities > Cisco > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-05-16 CVE-2008-2165 Cross-Site Scripting vulnerability in Cisco Building Broadband Service Manager 5.3
Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
network
cisco CWE-79
4.3
2008-03-27 CVE-2008-1156 Information Exposure vulnerability in Cisco IOS and IOS
Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message.
network
high complexity
cisco CWE-200
5.1
2008-03-14 CVE-2008-0533 Cross-Site Scripting vulnerability in Cisco products
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.
network
cisco CWE-79
4.3
2008-02-14 CVE-2008-0026 SQL Injection vulnerability in Cisco products
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
network
low complexity
cisco CWE-89
6.5
2008-01-17 CVE-2008-0324 Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
local
low complexity
cisco CWE-399
4.9
2007-12-15 CVE-2007-5582 Cross-Site Scripting vulnerability in Cisco CiscoWorks Server 2.6
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
cisco CWE-79
4.3
2007-11-08 CVE-2007-5581 Cross-Site Scripting vulnerability in Cisco Unified MeetingPlace
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
network
cisco CWE-79
4.3
2007-10-18 CVE-2007-5571 Permissions, Privileges, and Access Controls vulnerability in Cisco Firewall Services Module
Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.
network
cisco CWE-264
6.8
2007-10-18 CVE-2007-5550 Information Exposure vulnerability in Cisco IOS
Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833.
network
low complexity
cisco CWE-200
5.0
2007-10-18 CVE-2007-5548 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Cisco IOS
Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465.
local
cisco CWE-119
6.9