CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

424 matches found

Prion•added 2017/09/07 9:29 p.m.•18 views

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

4.3CVSS6AI score0.01234EPSS

Exploits0References4Affected Software1

Cvelist•added 2017/09/07 9:0 p.m.•33 views

CVE-2017-12212

6.1AI score0.01234EPSS

Exploits0References4

CVE•added 2017/09/07 9:0 p.m.•75 views

CVE-2017-12212

Cisco Unity Connection (v10.5(2) with default config) is affected by a reflected cross-site scripting (XSS) vulnerability in its web framework. The issue arises from insufficient input validation on HTTP GET/POST parameters, allowing an unauthenticated, remote attacker to persuade a user to follo...

6.1CVSS6AI score0.01234EPSS

Exploits0References4Affected Software1

Cisco•added 2017/09/06 4:0 p.m.•26 views

Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

6.1CVSS6.1AI score0.01234EPSS

Exploits0References1

CNVD•added 2017/05/04 12:0 a.m.•2 views

Cisco Unity Connection Unauthorized Access Vulnerability

Cisco Unity Connection is a feature-rich voice messaging platform that uses the Linux Unified Communications operating system. Cisco Unity Connection has an unauthorized access vulnerability vulnerability in the ImageID parameter. The vulnerability stems from the HTTP POST parameter user input no...

5.3CVSS6.7AI score0.02514EPSS

Exploits0References1

OSV•added 2017/05/03 9:59 p.m.•1 views

CVE-2017-6629

A vulnerability in the ImageID parameter of Cisco Unity Connection 10.52 could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that...

5.3CVSS6AI score

Exploits0References3

NVD•added 2017/05/03 9:59 p.m.•21 views

CVE-2017-6629

5.3CVSS5.4AI score0.02514EPSS

Exploits0References3

Prion•added 2017/05/03 9:59 p.m.•18 views

Directory traversal

5CVSS5.3AI score0.02514EPSS

Exploits0References3Affected Software1

Cvelist•added 2017/05/03 9:0 p.m.•26 views

CVE-2017-6629

5.4AI score0.02514EPSS

Exploits0References3

CVE•added 2017/05/03 9:0 p.m.•57 views

CVE-2017-6629

The CVE-2017-6629 entry concerns Cisco Unity Connection 10.5(2). Affected component: ImageID parameter handling in HTTP POST submissions. Root cause: improper sanitization of filenames in user-supplied input, enabling directory traversal. Impact: an unauthenticated, remote attacker could access f...

5.3CVSS5.3AI score0.02514EPSS

Exploits0References3Affected Software1

Cisco•added 2017/05/03 4:0 p.m.•26 views

Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability

A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...

5.3CVSS5.3AI score0.02514EPSS

Exploits0References1

CNVD•added 2016/04/14 12:0 a.m.•3 views

Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2016-02252)

Cisco Unity Connection UC is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" way. A cross-site scripting vulnerability exists in Cisco UC 11.0 and earlier versions. A remote attacker can exploit this vulnerability by...

6.1CVSS6.1AI score0.01009EPSS

Exploits0References1

OSV•added 2016/04/12 11:59 p.m.•2 views

CVE-2016-1377

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

6.1CVSS5.9AI score

Exploits0References2

NVD•added 2016/04/12 11:59 p.m.•15 views

CVE-2016-1377

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

6.1CVSS6.1AI score0.01009EPSS

Exploits0References2

Prion•added 2016/04/12 11:59 p.m.•18 views

Cross site scripting

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

4.3CVSS6.2AI score0.01009EPSS

Exploits0References2Affected Software1

Cvelist•added 2016/04/12 11:0 p.m.•26 views

CVE-2016-1377

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

6.1AI score0.01009EPSS

Exploits0References2

CVE•added 2016/04/12 11:0 p.m.•55 views

CVE-2016-1377

Cisco Unity Connection up to version 11.0 contains a cross-site scripting (XSS) vulnerability in its web framework. An unauthenticated, remote attacker could inject arbitrary web script or HTML via unspecified parameters in the web interface, which is exploitable when a user follows a crafted lin...

6.1CVSS6AI score0.01009EPSS

Exploits0References2Affected Software1

Cisco•added 2016/04/12 6:53 p.m.•31 views

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters...

4.3CVSS6AI score0.01009EPSS

Exploits0References1

BDU FSTEC•added 2016/03/11 12:0 a.m.•6 views

The vulnerability of the Cisco Unified Communications Manager system, a software solution for instant messaging, Unified Communications Manager IM and Presence Service, and Unified Contact Center Express, a software solution for automating operator operations, as well as the integrated Cisco Unity Connection messaging system, allows a violator to obtain confidential information.

The vulnerabilities of the Cisco Unified Communications Manager, a software solution for instant messaging, Unified Communications Manager IM and Presence Service, and Unified Contact Center Express, a software solution for automating operator operations, as well as the integrated Cisco Unity...

5CVSS6AI score0.00828EPSS

Exploits0References2

CNVD•added 2016/02/11 12:0 a.m.•2 views

Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2016-01055)

Cisco Unity Connection UC is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" way. A cross-site scripting vulnerability exists in Cisco UC version 11.5 0.199. A remote attacker can exploit this vulnerability to inject...

6.1CVSS6.1AI score0.01009EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by