CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0470 – Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0470
06 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la ... • https://www.exploit-db.com/exploits/32776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 284EXPL: 2CVE-2008-3821 – Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3821
16 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ... • https://www.exploit-db.com/exploits/32723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2008-2739
https://notcve.org/view.php?id=CVE-2008-2739
26 Sep 2008 — The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. El motor de firma SERVICE.DNS en Intrusion Prevention System (IPS) en Cisco IOS v12.3 y v12.4, permite a atacantes remotos provocar una denegación de servicio (caída o cuelgue de dispositivo) a través de tráfico de red que lanz... • http://secunia.com/advisories/31990 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3798
https://notcve.org/view.php?id=CVE-2008-3798
26 Sep 2008 — Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. Cisco IOS v12.4 permite a atacantes remotos provocar una denegación de servicio (caída de dispositivo) a través de un paquete SSL creado correctamente durante la finalización de una sesión SSL. • http://secunia.com/advisories/31990 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3799
https://notcve.org/view.php?id=CVE-2008-3799
26 Sep 2008 — Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. Fuga de memoria en la implementación de la Session Initiation Protocol (SIP) en Cisco IOS v12.2 a la v12.4, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y parada del servicio de voz) ... • http://secunia.com/advisories/31990 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 8%CPEs: 10EXPL: 0CVE-2008-3800
https://notcve.org/view.php?id=CVE-2008-3800
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 8%CPEs: 10EXPL: 0CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0CVE-2008-3802
https://notcve.org/view.php?id=CVE-2008-3802
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. Vulnerabilidad sin especificar en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4, cuando está configurada la VoIP, permite a atacantes remot... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3804
https://notcve.org/view.php?id=CVE-2008-3804
26 Sep 2008 — Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. Vulnerabilidad sin especificar en el Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) en Cisco IOS v12.2 y v12.4, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de paquetes manipula... • http://secunia.com/advisories/31990 •