CVE-2014-2125

Cross-site scripting XSS vulnerability in the Web Inbox in Cisco Unity Connection 8.62aSU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028...

CVE-2014-2125

Cisco Unity Connection Web Inbox v8.6(2a)SU3 and earlier are affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation on a web inbox parameter. An unauthenticated, remote attacker could lure a user to a crafted link, allowing execution of arbitrary HTML/JavaS...

Cisco Unity Connection Web Inbox跨站脚本漏洞

CVE ID:CVE-2014-2125 Cisco Unity Connection是运行在Linux-based Cisco Unified Communications操作系统上的功能强大的语音消息通讯平台。 由于某些关于网页收件箱的输入在返回用户前没有正确过滤，攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML 和脚本代码。 0 Cisco Unity Connection 8.x 目前厂商已经发布了升级补丁以修复漏洞，请下载使用：...

Cisco Unity Connection Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by persuading a user to access a...

Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability

A vulnerability in the Internet Message Access Protocol IMAP function of Cisco Unity Connection could allow an authenticated, remote attacker to cause 100 percent CPU utilization on the Cisco Unity Connection server, which may cause a denial of service DoS condition. The vulnerability is due to t...

CVE-2014-0664

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service CPU consumption via unspecified IMAP commands, aka Bug ID CSCul49976...

Code injection

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service CPU consumption via unspecified IMAP commands, aka Bug ID CSCul49976...

CVE-2014-0664

The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service CPU consumption via unspecified IMAP commands, aka Bug ID CSCul49976...

CVE-2014-0664

CVE-2014-0664 affects Cisco Unity Connection. The issue is an IMAP DoS where an authenticated, remote attacker can cause 100% CPU by issuing specific IMAP commands due to how IMAP commands are processed. Cisco’s advisory states the vulnerability can be mitigated by applying the provided software ...

CVE-2013-5534

Directory traversal vulnerability in the attachment service in the Voice Message Web Service aka VMWS or Cisco Unity Web Service in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not ...

Directory traversal

Directory traversal vulnerability in the attachment service in the Voice Message Web Service aka VMWS or Cisco Unity Web Service in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not ...

CVE-2013-5534

CVE-2013-5534 concerns Cisco Unity Connection’s VMWS attachment service. A directory traversal flaw in the VMWS/Nube (Voice Message Web Service) allows an authenticated remote user to craft file names that bypass validation, enabling placement of attacker-controlled files and, in some cases, arbi...

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service VMWS, could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...

Cisco Unity Connection Version

Cisco Unity Connection was found. TRUSTED...

Cisco Unity Connection Administrator Password Bypass (cisco-sa-20120229-cuc)

Cisco Unity Connection before 7.1.3bSu2 / 7.1.5 allows remote, authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70197; scriptversion"1.6";...

Cisco Unity Connection Remote Denial of Service (cisco-sa-20120229-cuc)

Cisco Unity Connection before 7.1.5bSu5, 8.0, 8.5 before 8.5.1Su3, and 8.6 before 8.6.2 allows remote attackers to cause a denial of service services crash via a series of crafted TCP segments, aka Bug ID CSCtq67899. C Tenable Network Security, Inc. include"compat.inc"; if description...

Cisco Unified Communications Manager Blind SQL Injection Vulnerability

A vulnerability in Cisco Unified Communication Manager Unified CM could allow an authenticated, remote attacker to execute a blind Structured Query Language SQL injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker could exploit...

Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability

Cisco Unified Communication Manager Unified CM contains a vulnerability that could allow an unauthenticated, remote attacker to execute a blind Structured Query Language SQL injection. The vulnerability is due to improper validation of user-supplied requests by the Cisco Unified CM. An attacker...

CVE-2013-1129

Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service memory consumption and process crash by sending many TCP requests, aka Bug ID CSCud59736...

Memory corruption

Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service memory consumption and process crash by sending many TCP requests, aka Bug ID CSCud59736...