Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

54 matches found

Cvelist
Cvelistadded 2018/11/08 5:0 p.m.19 views

CVE-2018-15381 Cisco Unity Express Arbitrary Command Execution Vulnerability

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8CVSS9.9AI score0.22249EPSS
Exploits0References3
CVE
CVEadded 2018/11/08 5:0 p.m.56 views

CVE-2018-15381

Cisco Unity Express (CUE) is affected by CVE-2018-15381 due to insecure Java deserialization, allowing an unauthenticated remote attacker to execute arbitrary shell commands with root privileges by sending a malicious serialized Java object to the RMI service. Affected releases prior to Cisco Uni...

10CVSS10AI score0.22249EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2018/11/08 4:29 p.m.2 views

CVE-2018-15381

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8CVSS6.1AI score0.22249EPSS
Exploits0References3
NVD
NVDadded 2018/11/08 4:29 p.m.13 views

CVE-2018-15381

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

10CVSS10AI score0.22249EPSS
Exploits0References3
Prion
Prionadded 2018/11/08 4:29 p.m.16 views

Deserialization of untrusted data

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

10CVSS9.8AI score0.22249EPSS
Exploits0References3Affected Software1
CNVD
CNVDadded 2018/11/08 12:0 a.m.4 views

Cisco Unity Express Arbitrary Command Execution Vulnerability

Cisco Unity is an advanced unified communications solution for enterprise organizations that provides robust messaging and intelligent voice messaging. An arbitrary command execution vulnerability exists in Cisco Unity Express due to unsafe deserialization of user-supplied content by the affected...

10CVSS9.9AI score0.22249EPSS
Exploits0References1
Cisco
Ciscoadded 2018/11/07 4:0 p.m.581 views

Cisco Unity Express Arbitrary Command Execution Vulnerability

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8CVSS3.7AI score0.22249EPSS
Exploits0References1
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.17 views

Cisco Unity Express Multiple Vulnerabilities

No description provided by source. Exploit Title: Cisco Unity Express Multiple Vulnerabilities Reported: December 2012 Disclosed: February 2013 Author: Jacob Holcomb of Independent Security Evaluators CVE: XSS - CVE-2013-1114 and CSRF - CVE-2013-1120...

6.8CVSS0.3AI score0.1338EPSS
Exploits5
NVD
NVDadded 2013/02/13 11:55 p.m.10 views

CVE-2013-1114

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

4.3CVSS5.7AI score0.1338EPSS
Exploits5References1
Prion
Prionadded 2013/02/13 11:55 p.m.10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

4.3CVSS6AI score0.1338EPSS
Exploits5References1Affected Software1
CVE
CVEadded 2013/02/13 11:0 p.m.41 views

CVE-2013-1114

Cisco Unity Express (Cisco Unity Express) affected by XSS vulnerabilities (CVE-2013-1114) in versions before 8.0. Attack vector is not fully specified in the provided documents; remote attacker can inject arbitrary web script or HTML via web interface. Root cause is described as cross-site script...

4.3CVSS5.7AI score0.1338EPSS
Exploits5References1Affected Software1
EUVD
EUVDadded 2013/02/13 11:0 p.m.3 views

EUVD-2013-1154

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

4.3CVSS5.6AI score0.1338EPSS
Exploits5References2
Cvelist
Cvelistadded 2013/02/13 11:0 p.m.19 views

CVE-2013-1114

Multiple cross-site scripting XSS vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527...

5.7AI score0.1338EPSS
Exploits5References1
NVD
NVDadded 2013/02/06 12:5 p.m.13 views

CVE-2013-1120

Multiple cross-site request forgery CSRF vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910...

6.8CVSS7.2AI score0.00577EPSS
Exploits5References1
Prion
Prionadded 2013/02/06 12:5 p.m.11 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910...

6.8CVSS7.7AI score0.00577EPSS
Exploits5References1Affected Software1
CVE
CVEadded 2013/02/06 11:0 a.m.49 views

CVE-2013-1120

CVE-2013-1120 applies to Cisco Unity Express prior to version 8.0, with CSRF vulnerabilities that can allow remote attackers to hijack user authentication. The entry has a base CVSS v2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). Remediation: OpenVAS data indicates a vendor fix (VendorFix) as the s...

6.8CVSS7.2AI score0.00577EPSS
Exploits5References1Affected Software2
Cvelist
Cvelistadded 2013/02/06 11:0 a.m.13 views

CVE-2013-1120

Multiple cross-site request forgery CSRF vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910...

7.1AI score0.00577EPSS
Exploits5References1
OpenVAS
OpenVASadded 2013/02/06 12:0 a.m.23 views

Cisco Unity Express Multiple XSS and CSRF Vulnerabilities (Cisco-SA-20130201-CVE-2013-1114, Cisco-SA-20130201-CVE-2013-1120) - Active Check

Cisco Unity Express is prone to multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.8CVSS6.3AI score0.1338EPSS
Exploits5References7
OpenVAS
OpenVASadded 2013/02/06 12:0 a.m.30 views

Cisco Unity Express Multiple XSS and CSRF Vulnerabilities

The host is installed with Cisco Unity Express and is prone to multiple cross-site scripting and request forgery vulnerabilities. OpenVAS Vulnerability Test $Id: gbciscounityexpressmultxssncsrfvuln.nasl 7585 2017-10-26 15:03:01Z cfischer $ Cisco Unity Express Multiple XSS and CSRF Vulnerabilities...

6.8CVSS0.4AI score0.1338EPSS
Exploits5References5
exploitpack
exploitpackadded 2013/02/05 12:0 a.m.19 views

Cisco Unity Express - Multiple Vulnerabilities

Cisco Unity Express - Multiple Vulnerabilities Exploit Title: Cisco Unity Express Multiple Vulnerabilities Reported: December 2012 Disclosed: February 2013 Author: Jacob Holcomb of Independent Security Evaluators CVE: XSS - CVE-2013-1114 and CSRF - CVE-2013-1120...

6.8CVSS0.8AI score0.1338EPSS
Exploits5
Rows per page
Query Builder