Filtered by vendor Cisco
Subscribe
Total
6075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5581 | 1 Cisco | 1 Unified Meetingplace | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | |||||
CVE-2007-0058 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. | |||||
CVE-2008-0027 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. | |||||
CVE-2007-5547 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-2688 | 1 Cisco | 2 Ios, Ips Sensor Software | 2023-12-10 | 7.8 HIGH | N/A |
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | |||||
CVE-2007-2038 | 1 Cisco | 4 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 4100 Wireless Lan Controller and 1 more | 2023-12-10 | 6.1 MEDIUM | N/A |
The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. | |||||
CVE-2007-2587 | 1 Cisco | 1 Ios | 2023-12-10 | 6.3 MEDIUM | N/A |
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). | |||||
CVE-2007-0199 | 1 Cisco | 1 Ios | 2023-12-10 | 5.0 MEDIUM | N/A |
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." | |||||
CVE-2007-0961 | 1 Cisco | 2 Asa 5500, Pix Firewall Software | 2023-12-10 | 7.8 HIGH | N/A |
Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets. | |||||
CVE-2007-2464 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2023-12-10 | 7.1 HIGH | N/A |
Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." | |||||
CVE-2007-2462 | 1 Cisco | 2 Adaptive Security Appliance Software, Pix | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors. | |||||
CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | |||||
CVE-2006-4097 | 1 Cisco | 1 Secure Access Control Server | 2023-12-10 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. | |||||
CVE-2006-4983 | 1 Cisco | 1 Network Access Control | 2023-12-10 | 7.5 HIGH | N/A |
Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols. | |||||
CVE-2007-0481 | 1 Cisco | 1 Ios Transmission Control Protocol | 2023-12-10 | 7.8 HIGH | N/A |
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. | |||||
CVE-2007-1066 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | |||||
CVE-2007-0479 | 1 Cisco | 1 Ios Transmission Control Protocol | 2023-12-10 | 7.8 HIGH | N/A |
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device. | |||||
CVE-2007-1257 | 1 Cisco | 10 Catalyst 6000 Ws-svc-nam-1, Catalyst 6000 Ws-svc-nam-2, Catalyst 6000 Ws-x6380-nam and 7 more | 2023-12-10 | 10.0 HIGH | N/A |
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | |||||
CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||||
CVE-2007-5549 | 1 Cisco | 1 Ios | 2023-12-10 | 2.1 LOW | N/A |
Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. |