Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-05-16 | CVE-2008-2165 | Cross-Site Scripting vulnerability in Cisco Building Broadband Service Manager 5.3 | Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2008-03-27 | CVE-2008-1156 | Information Exposure vulnerability in Cisco IOS and IOS | Unspecified vulnerability in the Multicast Virtual Private Network (MVPN) implementation in Cisco IOS 12.0, 12.2, 12.3, and 12.4 allows remote attackers to create "extra multicast states on the core routers" via a crafted Multicast Distribution Tree (MDT) Data Join message. | 5.1 |
2008-03-14 | CVE-2008-0533 | Cross-Site Scripting vulnerability in Cisco products | Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. | 4.3 |
2008-02-14 | CVE-2008-0026 | SQL Injection vulnerability in Cisco products | SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | 6.5 |
2008-01-17 | CVE-2008-0324 | Resource Management Errors vulnerability in Cisco VPN Client 5.0.2.0090 | Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. | 4.9 |
2007-12-15 | CVE-2007-5582 | Cross-Site Scripting vulnerability in Cisco Ciscoworks Server 2.6 | Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-08 | CVE-2007-5581 | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace | Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | 4.3 |
2007-10-18 | CVE-2007-5571 | Permissions, Privileges, and Access Controls vulnerability in Cisco Firewall Services Module | Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536. | 6.8 |
2007-10-18 | CVE-2007-5550 | Information Exposure vulnerability in Cisco IOS | Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. | 5.0 |
2007-10-18 | CVE-2007-5548 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS | Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. | 6.9 |