CVSS: 7.8EPSS: 2%CPEs: 310EXPL: 0CVE-2009-0631
https://notcve.org/view.php?id=CVE-2009-0631
27 Mar 2009 — Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. Vulnerabilidad no especificada en Cisco IOS v12.0 hasta v12.4, cuando se ha configurado con (1) IP Service Level Agreements (SLAs... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90426.shtml •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0471
https://notcve.org/view.php?id=CVE-2009-0471
06 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in the HTTP server in Cisco IOS 12.4(23) allows remote attackers to execute arbitrary commands, as demonstrated by executing the hostname command with a level/15/configure/-/hostname request. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el servidor HTTP en in Cisco IOS v12.4(23) permite a atacantes remotos ejecutar comandos de su elección, como se demostró ejecutando el comando hostname con una petición level/15/configure/-/hostname... • http://secunia.com/advisories/33844 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0470 – Cisco IOS 12.4(23) - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-0470
06 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerability than CVE-2008-3821. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v12.4(23) permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO a la ... • https://www.exploit-db.com/exploits/32776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 284EXPL: 2CVE-2008-3821 – Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3821
16 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el servidor HTTP en Cisco IOS v11.0 hasta v12.4, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante (1) la cadena query al programa ... • https://www.exploit-db.com/exploits/32723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 2049EXPL: 1CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
20 Oct 2008 — The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, p... • https://github.com/mrclki/sockstress • CWE-16: Configuration •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2008-3812
https://notcve.org/view.php?id=CVE-2008-3812
26 Sep 2008 — Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. En Cisco IOS v12.4, cuando la Aplicación de Control de Inspección (AIC) del cortafuegos IOS con Inspección de Profundidad de Paquete HTTP está habilitada, permite a atacantes remotos causar denegación del servicio (reinicio de dispositivo) a través de paquetes de tránsito HTTP malformados. • http://secunia.com/advisories/31990 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-3807
https://notcve.org/view.php?id=CVE-2008-3807
26 Sep 2008 — Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests. El Cisco IOS v12.2 y v12.3 en los dispositivos de la serie de Cisco uBR10012, cuando se configura la redundancia del linecard, permite un servicio de lectura/escritura del SNMP con "private" como la comunidad, que permite que los a... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 1%CPEs: 204EXPL: 0CVE-2008-3809
https://notcve.org/view.php?id=CVE-2008-3809
26 Sep 2008 — Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. Vulnerabilidad en dispositivos Gigabit Switch Router (GSR),(aka 12000 Series routers), de Cisco IOS v12.0 a v12.4. Permite a atacantes de control remoto causar denegación de servicio (reinicio de dispositivo) a través de paquetes Multidifusión de Protocolo Independiente (Protocol Independ... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12... • http://secunia.com/advisories/31990 •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2008-3810
https://notcve.org/view.php?id=CVE-2008-3810
26 Sep 2008 — Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. En Cisco IOS v12.2 y 12.4, cuando el soporte de Fragmentación del protocolo de control de llamada NAT Skinny (SCCP) está habilitado, permite a atacantes de control remoto causar denegación de servicio (reinicio de dispositivo) a través de mensajes ... • http://secunia.com/advisories/31990 • CWE-20: Improper Input Validation •