Filtered by vendor Cisco
Subscriptions
Total
6253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3593 | 1 Cisco | 1 Unified Callmanager | 2024-11-21 | N/A |
| The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | ||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2024-11-21 | N/A |
| Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | ||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2024-11-21 | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | ||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | ||||
| CVE-2006-3289 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | ||||
| CVE-2006-3288 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | ||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | ||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2024-11-21 | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | ||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2024-11-21 | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | ||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | ||||
| CVE-2006-3101 | 1 Cisco | 1 Secure Access Control Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. | ||||
| CVE-2006-3073 | 1 Cisco | 2 Asa 5500, Vpn 3000 Concentrator Series Software | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. | ||||
| CVE-2006-2679 | 1 Cisco | 1 Vpn Client | 2024-11-21 | N/A |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | ||||
| CVE-2006-2322 | 1 Cisco | 2 Application Velocity System 3110, Application Velocity System 3120 | 2024-11-21 | N/A |
| The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. | ||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2024-11-21 | N/A |
| Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | ||||
| CVE-2006-1961 | 1 Cisco | 5 Ciscoworks 2000 Service Management Solution, Ethernet Subscriber Solution Engine, Hosting Solution Engine and 2 more | 2024-11-21 | N/A |
| Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. | ||||
| CVE-2006-1960 | 1 Cisco | 1 Wireless Lan Solution Engine | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. | ||||
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2024-11-21 | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. | ||||
| CVE-2006-1927 | 1 Cisco | 1 Ios Xr | 2024-11-21 | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. | ||||