235 matches found
CVE-2009-2050
CVE-2009-2050 concerns Cisco Unified Communications Manager (CUCM, formerly CallManager). The issue allows a remote attacker to cause a denial-of-service (voice-services outage) by sending a malformed header in a SIP message (Bug CSCsi46466). Affected products are CUCM before version 6.1(1), with...
CVE-2009-2054
Cisco Unified Communications Manager aka CUCM, formerly CallManager 4.x, 5.x before 5.13g, 6.x before 6.14, 7.0 before 7.02asu1, and 7.1 before 7.12asu1 allows remote attackers to cause a denial of service file-descriptor exhaustion and SIP outage via a flood of TCP packets, aka Bug ID CSCsx23689...
Cisco CallManager / Unified Communications Manager privilege escalation
During authentication process for address book synchronization, full access account credentials are leaked to client...
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities Advisory ID: cisco-sa-20080924-cucm http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml Revision 1.0 For Public...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...
Cisco Unified Communications Manager多个拒绝服务漏洞
BUGTRAQ ID: 29221 CVECAN ID: CVE-2008-1744,CVE-2008-1745,CVE-2008-1746,CVE-2008-1747,CVE-2008-1748,CVE-2008-1742,CVE-2008-1743 Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 CUCM中存在多个拒绝服务漏洞,可能导致语音服务中断。 以下Cisco Unified Communications Manager服务受影响: 证书信任列表(CTL)供应...
CiscoCallManager_sql_07_016.txt
Portcullis Security Advisory 07016 Vulnerable System: Cisco Unified CallManager Vulnerability Title: Multiple SQL Injections In User And Admin Interface Vulnerability discovery and development: Nico Leidecker of Portcullis Computer Security Ltd discovered this vulnerability. Further research was...
Cisco Unified Communications Manager / Cisco CallManager SQL injection
Multiple SQL injections in user and admin pages...
Sql injection
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
CVE-2008-0026
Cisco Unified CallManager/Communications Manager (CUCM) versions affected: 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a). A SQL injection vulnerability exists in the key parameter of the admin and user interface pages, allowing an authenticated remote attacker to inject SQL commands. The atta...
CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
Cisco Unified Communications Manager CTL提供者堆缓冲区溢出漏洞
Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications Manager包含的CTL Provider服务CTLProvider.exe存在设计缺陷,远程攻击者可以利用漏洞进行基于堆的缓冲区溢出攻击,可能以应用程序进程权限执行任意指令。 CTLProvider.exe服务绑定在TCP 2444端口,服务通过SSL加密传送进行操作,存在一个逻辑错误,接收到数据后进行堆分配可造成覆盖后续的堆块结构,导致任意代码执行。...
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Advisory ID: cisco-sa-20071205-csa http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Revision 1.0 For Public Release 2007...
CVE-2007-5537
CVE-2007-5537 affects Cisco Unified Communications Manager (CUCM, former CallManager) 5.1 before 5.1(2) and Unified CallManager 5.0. The vulnerability allows remote attackers to cause a denial of service (kernel panic) by sending a flood of SIP INVITE messages to UDP port 5060, triggering resourc...
Cisco CallManager和Openser SIP消息非授权呼叫漏洞
BUGTRAQ ID: 26057 Cisco CallManager和OpenSER都是常用的网络IP电话解决方案。 Cisco CallManager和OpenSER没有检查用户在Digest认证头中所提供的URI是否与消息的REQUEST-URI一致,这允许恶意用户从正常用户嗅探Digest认证,然后代表该用户呼叫任意扩展。 Cisco Call Manger 5.1.1.3000-5 OpenSER OpenSER 1.2.2 Cisco ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
Authentication flaw
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 is vulnerable because it does not verify the Digest authentication header URI against the SIP Request URI. This allows remote attackers to use sniffed Digest credentials to place arbitrary calls or spoof caller ID (toll fraud and authentication forward attack). The ...
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...