188 matches found
CVE-2015-0684
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515...
CVE-2015-0682
Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168...
CVE-2015-0683
Cisco Unified Communications Domain Manager 8.1(4) is affected by CVE-2015-0683, where an authenticated, remote attacker can disclose sensitive information via a file-inclusion attack. The root cause is described as an unspecified condition enabling local file inclusion. Impact is information dis...
CVE-2015-0682
Cisco Unified Communications Domain Manager 8.1(4) is affected by CVE-2015-0682 (Bug CSCup90168). The issue allows an authenticated, remote attacker to execute arbitrary code by visiting a deprecated page, as described in Cisco’s advisory Cisco-SA-20150331-CVE-2015-0682. Connected documents corro...
CVE-2015-0683
Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744...
Cisco CUCDM Remote Code Execution Vulnerability
Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A security vulnerability exists in the deprecation page of the Cisco Unified Communications Domain Manager Application Software due to an invalid security restriction. An authenticated, remote attacke...
Cisco CUCDM SQL Injection Vulnerability
Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A sql injection vulnerability exists in the graphical administration feature of Cisco Unified Communications Domain Manager Application Software due to a failure to effectively validate user-supplied...
Cisco Unified Communications Domain Manager Application Software Information Disclosure Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to unspecified condition within the affected software that could allow local file inclusion. An...
Cisco Unified Communications Domain Manager Application Software SQL Injection Vulnerability
A vulnerability in the Image Management functionality of Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to insufficient validation of user-supplied input by the affected...
Cisco Unified Communications Domain Manager Application Software Remote Code Execution Vulnerability
A vulnerability in a deprecated page in Cisco Unified Communications Domain Manager Application Software could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to insufficient security restrictions imposed by the affected software that could allow...
Cisco Unified Communications Domain Manager Platform High CPU Utilization Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to cause high CPU utilization, which may affect the performance of the system and make some services unavailable. The vulnerability is due to insufficient implementatio...
Cisco Unified Communications Domain Manager Remote Denial of Service Vulnerability (CNVD-2015-00394)
Cisco Unified Communications is the call processing component of a Cisco IP telephony solution. A remote denial of service vulnerability exists in Cisco Unified Communications Domain Manager, which can be exploited by an attacker to initiate a denial of service and deny service to a legitimate us...
Cisco Unified Communications Domain Manager Cross-Site Request Forgery Vulnerability
Cisco Unified Communications is the call processing component of a Cisco IP telephony solution. A cross-site request forgery vulnerability exists in Cisco Unified Communications Domain Manager, which allows remote attackers to exploit the vulnerability to hijack the authentication of arbitrary...
CVE-2015-0588
Cross-site request forgery CSRF vulnerability in Cisco Unified Communications Domain Manager UCDM 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055...
Cisco Unified Communications Domain Manager Remote Denial of Service Vulnerability (CNVD-2015-00226)
Cisco Unified Communications is the call processing component of a Cisco IP telephony solution. A remote denial of service vulnerability exists in Cisco Unified Communications Domain Manager, which can be exploited by remote attackers to cause a denial of service CPU consumption...
Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager CDM, before version 10, doesn't implement access control properly, which allows remote attackers to modify user information. This module exploits the vulnerability to make unauthorized speed dial entity...
CVE-2014-8020
CVE-2014-8020 affects Cisco Unified Communications Domain Manager Platform Software. The issue allows unauthenticated remote attackers to cause high CPU utilization and degraded performance or service outage by sending a flood of malformed TCP/UDP packets (Bug ID CSCup25276). Cisco’s advisory not...
Cisco Unified Communications Domain Manager XSS Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Domain Manager application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface on an affected system. The vulnerability is due to imprope...
CVE-2014-8018
Multiple cross-site scripting XSS vulnerabilities in Business Voice Services Manager BVSM pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555,...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Business Voice Services Manager BVSM pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555,...