Filtered by vendor Cisco
Subscribe
Total
6072 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5553 | 1 Cisco | 3 Security Agent, Unified Callmanager, Unified Presence Server | 2017-07-20 | 7.8 HIGH | N/A |
| Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. | |||||
| CVE-2006-5288 | 1 Cisco | 1 2700 Wireless Location Appliance | 2017-07-20 | 10.0 HIGH | N/A |
| Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. | |||||
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | |||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2017-07-20 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2006-3734 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. | |||||
| CVE-2006-3732 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | |||||
| CVE-2006-3594 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. | |||||
| CVE-2006-3593 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 4.0 MEDIUM | N/A |
| The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | |||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | |||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2017-07-20 | 9.3 HIGH | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | |||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 5.0 MEDIUM | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | |||||
| CVE-2006-3289 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | |||||
| CVE-2006-3288 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | |||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | |||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | |||||
| CVE-2006-2679 | 1 Cisco | 1 Vpn Client | 2017-07-20 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | |||||
| CVE-2006-2322 | 1 Cisco | 2 Application Velocity System 3110, Application Velocity System 3120 | 2017-07-20 | 6.4 MEDIUM | N/A |
| The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. | |||||
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. | |||||