Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-27 CVE-2016-6444 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user.
network
cisco CWE-352
6.8
2016-10-27 CVE-2016-6443 SQL Injection vulnerability in Cisco products
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability.
network
low complexity
cisco CWE-89
6.5
2016-10-27 CVE-2016-6442 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.
network
cisco CWE-352
6.8
2016-10-27 CVE-2016-6440 Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4)
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack.
network
cisco CWE-20
4.3
2016-10-27 CVE-2016-6439 Resource Management Errors vulnerability in Cisco Firepower Management Center
A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.
network
cisco CWE-399
4.3
2016-10-27 CVE-2016-6438 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device.
network
cisco CWE-264
4.3
2016-10-27 CVE-2016-1000122 SQL Injection vulnerability in Huge-It Slider 1.0.9
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
network
low complexity
huge-it CWE-89
6.5
2016-10-27 CVE-2016-1000120 SQL Injection vulnerability in Huge-It Catalog 1.0.4
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
network
low complexity
huge-it CWE-89
6.5
2016-10-27 CVE-2016-1598 Cross-site Scripting vulnerability in Novell products
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
network
low complexity
novell CWE-79
5.4
2016-10-27 CVE-2016-1592 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
network
low complexity
netiq CWE-79
6.1