Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2015/03/21 1:59 a.m.19 views

CVE-2015-0670

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...

6.4CVSS6.6AI score0.00309EPSS
Exploits0References2
Prion
Prionadded 2015/03/21 1:59 a.m.11 views

Default configuration

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...

6.4CVSS7.2AI score0.00309EPSS
Exploits0References2Affected Software2
CVE
CVEadded 2015/03/21 1:0 a.m.47 views

CVE-2015-0670

Cisco Small Business SPA300 and SPA500 IP phones running firmware version 7.5.5 are affected by CVE-2015-0670 due to improper authentication in the default configuration. A crafted XML request can allow an unauthenticated remote attacker to read audio-stream data or originate telephone calls. The...

6.4CVSS6.8AI score0.00309EPSS
Exploits0References2Affected Software10
Prion
Prionadded 2012/06/13 8:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka...

4.3CVSS6.2AI score0.00296EPSS
Exploits0References1Affected Software5
CVE
CVEadded 2012/06/13 8:0 p.m.62 views

CVE-2011-2545

CVE-2011-2545 is a cross-site scripting (XSS) vulnerability in the SIP INVITE FROM field handling of Cisco SPA 8000/8800 (before 6.1.11), SPA2102 and SPA3102 (before 5.2.13), and SPA 500 series IP phones (before 7.4.9). Root cause: lack of input sanitization in the SIP INVITE FROM field. Impact: ...

4.3CVSS5.9AI score0.00296EPSS
Exploits0References1Affected Software2
Cvelist
Cvelistadded 2012/06/13 8:0 p.m.19 views

CVE-2011-2545

Cross-site scripting XSS vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka...

5.7AI score0.00296EPSS
Exploits0References1
Prion
Prionadded 2012/05/02 10:9 a.m.9 views

Authentication flaw

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768...

5CVSS7.6AI score0.00274EPSS
Exploits0References2Affected Software2
CVE
CVEadded 2012/05/02 10:0 a.m.42 views

CVE-2012-0333

Cisco Small Business IP phones (SPA 500 series) with firmware 7.4.9 and earlier are affected by CVE-2012-0333 because Push XML requests do not require authentication, enabling remote attackers to initiate calls via crafted XML (Bug CSCts08768). Affected product: SPA 500 series; root cause: unauth...

5CVSS7.3AI score0.00274EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder