CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-4302
https://notcve.org/view.php?id=CVE-2010-4302
22 Nov 2010 — /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val en Cisco Unified Videoconferencing (UVC) System 5110 y 5115, cuando se usa Linux, utiliza un ... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-4303
https://notcve.org/view.php?id=CVE-2010-4303
22 Nov 2010 — Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043. El Sistema Cisco Unified Videoconferencing (UVC) 5110 y 5115, cuando se utiliza en Sistemas Operativos Linux emplea permisos de lectura para todos (world-readable) para el fichero /etc/shadow, esto permite a usuarios locales descubrir las contraseñas ... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4304
https://notcve.org/view.php?id=CVE-2010-4304
22 Nov 2010 — The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. La interfaz Web de las herramientas de Cisco Unified V... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2010-4305
https://notcve.org/view.php?id=CVE-2010-4305
22 Nov 2010 — Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052. Los sistemas Cisco Unified Vide... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-310: Cryptographic Issues •
CVSS: 8.5EPSS: 2%CPEs: 14EXPL: 0CVE-2010-3037
https://notcve.org/view.php?id=CVE-2010-3037
22 Nov 2010 — goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," ... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2010-3038
https://notcve.org/view.php?id=CVE-2010-3038
22 Nov 2010 — Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008. Cisco Unified Videoconferencing (UVC) System 5110 y 5115, cuando el sistema operativo Linux se usa, tiene una contraseña por defecto para (1) root, (2) cs, y (3) cuentas de desarrollo, lo que hace más sencillo para ata... • http://seclists.org/fulldisclosure/2010/Nov/167 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2007-1467
https://notcve.org/view.php?id=CVE-2007-1467
16 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engin... • http://secunia.com/advisories/24499 •