Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-08-09 | CVE-2006-4032 | Information Disclosure vulnerability in Cisco Callmanager Express 3.0 | Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | 5.0 |
2006-07-21 | CVE-2006-3732 | Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | 5.0 |
2006-07-18 | CVE-2006-3596 | Denial Of Service vulnerability in Cisco Intrusion Prevention System Malformed Packet | The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. | 5.0 |
2006-07-18 | CVE-2006-3593 | Remote vulnerability in Cisco Unified CallManager | The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | 4.0 |
2006-07-18 | CVE-2006-3592 | Remote vulnerability in Cisco Unified CallManager | Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | 4.6 |
2006-06-28 | CVE-2006-3290 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) | HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | 5.0 |
2006-06-28 | CVE-2006-3288 | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) | Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | 5.0 |
2006-06-21 | CVE-2006-3109 | Cross-Site Scripting vulnerability in Cisco CallManager | Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | 4.3 |
2006-06-21 | CVE-2006-3101 | Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 2.3 | Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. | 4.3 |
2006-05-12 | CVE-2006-2322 | Unspecified vulnerability in Cisco products | The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. | 6.4 |