CVE-2017-6782 (v3: 5.4) 17 Aug 2017
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0).


CVE-2016-1413 (v3: 6.5) 28 May 2016
The web interface in Cisco Firepower Management Center 5.4.0 through allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.



CVE-2014-3399 (v2: 5.5) 7 Oct 2014
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208.
CVE-2014-2196 (v2: 9.3) 26 May 2014
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
CVE-2014-2170 (v2: 9) 2 May 2014
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.


CVE-2013-3402 (v2: 6.5) 18 Jul 2013
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.


CVE-2012-1328 (v2: 4.6) 3 May 2012
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
CVE-2012-0329 (v2: 9) 19 Jan 2012
Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.


CVE-2011-4237 (v2: 4.3) 3 May 2012
CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
CVE-2011-2585 (v2: 6.5) 20 Oct 2011
Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857.
CVE-2011-0364 (v2: 10) 19 Feb 2011
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.