Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-27 | CVE-2016-6444 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server: A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. | 6.8 |
2016-10-27 | CVE-2016-6443 | SQL Injection vulnerability in Cisco products: A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. | 6.5 |
2016-10-27 | CVE-2016-6442 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base: A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. | 6.8 |
2016-10-27 | CVE-2016-6440 | Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4): The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. | 4.3 |
2016-10-27 | CVE-2016-6439 | Resource Management Errors vulnerability in Cisco Firepower Management Center: A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. | 4.3 |
2016-10-27 | CVE-2016-6438 | Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE: A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. | 4.3 |
2016-10-27 | CVE-2016-1000122 | SQL Injection vulnerability in Huge-It Slider 1.0.9: XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 6.5 |
2016-10-27 | CVE-2016-1000120 | SQL Injection vulnerability in Huge-It Catalog 1.0.4: SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | 6.5 |
2016-10-27 | CVE-2016-1598 | Cross-site Scripting vulnerability in Novell products: XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | 5.4 |
2016-10-27 | CVE-2016-1592 | Cross-site Scripting vulnerability in NetIQ Identity Manager 4.5: XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | 6.1 |