Myself and a colleague discovered a directory-traversal vulnerability in Cisco’s CDS, essentially you could fetch files off the filesystem using an unauthenticated HTTP request.

The issue was found in v2.5.3 and has been fixed in 2.5.7 (I confirmed on 2.5.9-b5) of their software.

Cisco went full-disclosure on it, fair do’s, and reported CVE-2010-1577, the following sites have my name on them (Google search):

http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml

http://securitytracker.com/alerts/2010/Jul/1024234.html

http://secunia.com/advisories/40701/

http://packetstormsecurity.org/1007-advisories/cisco-sa-20100721-spcdn.txt

We even got on the full-disclosure mailing list – woot!

http://seclists.org/fulldisclosure/2010/Jul/307

Update: Cisco updated the advisory to revision 1.1 after I informed them it affects the whole CDS range, not just the IS but the CA, SR and CDSM.