| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1221 |
16 |
|
Exec Code |
2013-05-09 |
2013-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. |
|
2 |
CVE-2013-1192 |
20 |
|
Exec Code |
2013-04-25 |
2013-05-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. |
|
3 |
CVE-2013-1183 |
119 |
|
Exec Code Overflow |
2013-04-25 |
2013-04-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371. |
|
4 |
CVE-2013-1180 |
119 |
|
Exec Code Overflow |
2013-04-25 |
2013-04-25 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. |
|
5 |
CVE-2013-1179 |
119 |
|
Exec Code Overflow |
2013-04-25 |
2013-04-29 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allow remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54830. |
|
6 |
CVE-2013-1178 |
119 |
|
Exec Code Overflow |
2013-04-25 |
2013-04-25 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. |
|
7 |
CVE-2013-1177 |
89 |
|
Exec Code Sql |
2013-04-18 |
2013-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. |
|
8 |
CVE-2013-1163 |
89 |
|
Exec Code Sql |
2013-04-01 |
2013-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. |
|
9 |
CVE-2013-1111 |
264 |
|
Exec Code |
2013-02-13 |
2013-02-14 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
|
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. |
|
10 |
CVE-2013-1104 |
|
|
Exec Code |
2013-01-24 |
2013-02-02 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. |
|
11 |
CVE-2012-6392 |
20 |
|
Exec Code |
2013-01-17 |
2013-01-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. |
|
12 |
CVE-2012-5445 |
20 |
|
DoS Exec Code |
2012-12-28 |
2013-03-04 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. |
|
13 |
CVE-2012-5417 |
264 |
|
Exec Code |
2012-11-02 |
2013-02-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. |
|
14 |
CVE-2012-4661 |
119 |
|
Exec Code Overflow |
2012-10-29 |
2013-04-10 |
9.0 |
None |
Remote |
Medium |
Not required |
Complete |
Partial |
Complete |
|
Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522. |
|
15 |
CVE-2012-4655 |
20 |
|
Exec Code |
2012-09-24 |
2013-04-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. |
|
16 |
CVE-2012-3941 |
119 |
|
Exec Code Overflow |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72850. |
|
17 |
CVE-2012-3940 |
119 |
|
Exec Code Overflow |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72958. |
|
18 |
CVE-2012-3939 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCua61331. |
|
19 |
CVE-2012-3938 |
119 |
|
Exec Code Overflow |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583. |
|
20 |
CVE-2012-3937 |
119 |
|
Exec Code Overflow |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967. |
|
21 |
CVE-2012-3936 |
119 |
|
Exec Code Overflow |
2012-10-25 |
2013-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962. |
|
22 |
CVE-2012-3076 |
78 |
|
Exec Code |
2012-07-12 |
2012-07-12 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. |
|
23 |
CVE-2012-3075 |
78 |
|
Exec Code |
2012-07-12 |
2012-07-12 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. |
|
24 |
CVE-2012-3074 |
78 |
|
Exec Code |
2012-07-12 |
2012-07-16 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. |
|
25 |
CVE-2012-3057 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2012-07-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755. |
|
26 |
CVE-2012-3056 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-29 |
2012-07-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946. |
|
27 |
CVE-2012-3055 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2012-07-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953. |
|
28 |
CVE-2012-3054 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2012-07-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977. |
|
29 |
CVE-2012-3053 |
119 |
|
Exec Code Overflow |
2012-06-29 |
2012-07-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985. |
|
30 |
CVE-2012-2496 |
20 |
|
Exec Code |
2012-06-20 |
2012-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. |
|
31 |
CVE-2012-2493 |
20 |
|
Exec Code |
2012-06-20 |
2012-06-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. |
|
32 |
CVE-2012-2486 |
94 |
|
Exec Code |
2012-07-12 |
2012-07-16 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. |
|
33 |
CVE-2012-1337 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-11-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336. |
|
34 |
CVE-2012-1336 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-11-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337. |
|
35 |
CVE-2012-1335 |
119 |
|
Exec Code Overflow |
2012-04-05 |
2012-11-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337. |
|
36 |
CVE-2012-0384 |
264 |
|
Exec Code Bypass |
2012-03-29 |
2013-03-25 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. |
|
37 |
CVE-2012-0363 |
94 |
|
Exec Code |
2012-02-24 |
2012-03-06 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. |
|
38 |
CVE-2012-0358 |
119 |
|
Exec Code Overflow |
2012-03-14 |
2013-01-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165. |
|
39 |
CVE-2012-0337 |
89 |
|
Exec Code Sql |
2012-05-02 |
2012-05-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
|
40 |
CVE-2012-0329 |
94 |
|
Exec Code |
2012-01-19 |
2012-01-30 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. |
|
41 |
CVE-2012-0284 |
119 |
|
Exec Code Overflow |
2012-07-19 |
2012-07-19 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). |
|
42 |
CVE-2011-4487 |
89 |
|
Exec Code Sql |
2012-02-29 |
2012-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. |
|
43 |
CVE-2011-4005 |
352 |
|
Exec Code CSRF |
2011-11-03 |
2011-11-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124. |
|
44 |
CVE-2011-4004 |
119 |
|
Exec Code Overflow |
2011-10-27 |
2012-04-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. |
|
45 |
CVE-2011-3319 |
119 |
|
Exec Code Overflow |
2011-10-27 |
2012-04-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. |
|
46 |
CVE-2011-3310 |
94 |
|
Exec Code |
2011-10-19 |
2012-01-11 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. |
|
47 |
CVE-2011-3271 |
|
|
DoS Exec Code |
2011-10-03 |
2012-05-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165. |
|
48 |
CVE-2011-2738 |
|
|
Exec Code Overflow |
2011-09-19 |
2011-10-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow. |
|
49 |
CVE-2011-2585 |
94 |
|
Exec Code |
2011-10-19 |
2012-01-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. |
|
50 |
CVE-2011-2547 |
264 |
|
Exec Code |
2011-07-28 |
2011-08-11 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. |
