CVE-2014-7988

CVE-2014-7988 affects the Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier. The vulnerability allows remote authenticated users to obtain sensitive information by reading logs (information disclosure due to sensitive data in logs, Bug CSCur06493). An attacker must authen...

Cisco Unity Connection Information Disclosure Vulnerability

A vulnerability in the Unified Messaging Service UMS of Cisco Unity Connection, could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to the inclusion of sensitive information in the logs. An attacker could exploit this vulnerability by viewing th...

CVE-2014-3333

The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...

CVE-2014-3336

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.12 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016...

Code injection

The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...

Sql injection

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.12 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016...

CVE-2014-3333

The server in Cisco Unity Connection 9.11 and 9.12 allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014...

CVE-2014-3336

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.12 and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016...

CVE-2014-3333

Cisco Unity Connection 9.1(1) and 9.1(2) are affected by CVE-2014-3333, where an authenticated remote attacker can elevate privileges by performing an HTTP Intercept attack and reading files within the web server user context, per Cisco's advisory CSCu p41014. The root cause is improper privilege...

CVE-2014-3336

Cisco Unity Connection 9.1(2) and earlier contains a SQL injection in the web framework. The root cause is insufficient validation of SQL statements in the web server code, allowing an authenticated remote attacker to execute arbitrary SQL and potentially read data from the database. Cisco’s advi...

Cisco Unity Connection SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary queries on the database. The vulnerability is due to insufficient controls on Structured Query Language SQL statements. An attacker could exploit this vulnerabili...

Cisco Unity Connection HTTP Intercept Vulnerability

A vulnerability in Cisco Unity Connection Server could allow an authenticated, remote attacker to elevate privileges and obtain full access to the affected system. The vulnerability is due to improper privilege escalation. An attacker may be able to exploit this vulnerability by reading files...

Cisco Unity Connection目录遍历漏洞

Bugtraq ID:66676 CVE ID:CVE-2014-2145 Cisco Unity Connection 可以透明地将留言和语音识别组件与您的数据网络集成到一起，不间断地提供对呼叫和留言的全面访问。 Cisco Unity Connection的消息传送API在实现上存在目录遍历漏洞，这可使经过身份验证的远程用户通过.wav文件和audio/x-wav MIME类型的访问限制，利用此漏洞读取任意文件。 0 Cisco Unity Connection 目前厂商已经发布了升级补丁以修复漏洞，请下载使用：...

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the messaging API of Cisco Unity Connection could allow an authenticated, remote attacker to execute a directory traversal and download arbitrary files that match the allowed MIME types. The vulnerability occurs because there is insufficient input filtering and file types other...

CVE-2014-2145

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071...

Directory traversal

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071...

CVE-2014-2145

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071...

CVE-2014-2145

Cisco Unity Connection contains a directory traversal vulnerability in its messaging API (CVE-2014-2145). An authenticated, remote attacker can read arbitrary files by exploiting insufficient input filtering and relaxed restrictions on file types beyond .wav, via the audio/x-wav MIME type. Impact...

CVE-2014-2125

Cross-site scripting XSS vulnerability in the Web Inbox in Cisco Unity Connection 8.62aSU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Inbox in Cisco Unity Connection 8.62aSU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028...