CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 12%CPEs: 12EXPL: 0CVE-2017-12337
https://notcve.org/view.php?id=CVE-2017-12337
16 Nov 2017 — A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access ... • http://www.securityfocus.com/bid/101865 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0736
https://notcve.org/view.php?id=CVE-2015-0736
16 May 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. Vulnerabilidad de CSRF en Cisco MediaSense 10.5(1) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuu16728. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38869 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0670
https://notcve.org/view.php?id=CVE-2014-0670
22 Jan 2014 — Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. Vulnerabilidad de XSS en la interfaz Search and Play de Cisco Media Sense permite a atacantes remotos inyectar script Web o HTML arbitrario a través de un parámetro no especificado, también conocido como Bug ID CSCum16686. • http://osvdb.org/102319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0671
https://notcve.org/view.php?id=CVE-2014-0671
22 Jan 2014 — Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. Vulnerabilidad de redirección abierta en Cisco MediaSense permite a atacantes remotos redirigir usuarios hacia sitios Web arbitrarios y llevar a cabo ataques de phishing a través de un parámetro no especificado, también conocido Bug ID CSCum16749. • http://osvdb.org/102341 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0672
https://notcve.org/view.php?id=CVE-2014-0672
22 Jan 2014 — The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. La interfaz Search and Play en Cisco MediaSense no aplica correctamente los requerimientos de autorización, lo que permite a usuarios remotos autenticados descargar registros arbitrarios a través de una petición hacia esta interfaz. • http://osvdb.org/102342 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5502
https://notcve.org/view.php?id=CVE-2013-5502
23 Sep 2013 — The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344. El interfaz web en Cisco MediaSense no protege correctamente el canal de comunicación cliente-servidor, los cual permite a atacantes remotos obtener petición sensible de texto o información de las cookies a través de vectores no especificados, aka Bug ID CSCuj23344. • http://osvdb.org/97532 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5500
https://notcve.org/view.php?id=CVE-2013-5500
20 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. Multiples vulnerabilidades scripting (XSS) en la página del servicio oraadmin service en Cisco MediaSense permite a atacantes remotos inyectar web scripts HTML arbitrarios a través de un parámetro sin especificar, conocidos bugs IDs CSCuj23320, CSCuj23324... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5501
https://notcve.org/view.php?id=CVE-2013-5501
20 Sep 2013 — Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. Vulnerabilidad de Cross-site Scripting (XSS) rn la página oraservice de Cisco MediaSense permite a atcantes remotos inyectar web scripts HMTL arbitrarios a través de un parámetro sin espefcar. Conocido BUG ID CSCuj23328. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •