65 matches found
EUVD-2002-0501
Malware in sbrugna...
EUVD-2005-2243
Malware in sbrugna...
EUVD-2005-2244
Malware in sbrugna...
EUVD-2006-0375
Malware in sbrugna...
EUVD-2006-0374
Malware in sbrugna...
EUVD-2007-5443
Malware in sbrugna...
EUVD-2007-4615
Malware in sbrugna...
EUVD-2007-4616
Malware in sbrugna...
Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS
No description provided by source. source: http://www.securityfocus.com/bid/18504/info Cisco CallManager is prone to a cross-site scripting vulnerability. This issue is due to a failure in the web-interface to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Cisco CallManager 1.0/2.0/3.x/4.0 CTI Manager Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14251/info The CallManager CTI Manager service is susceptible to a remote denial of service vulnerability. This issue is documented in Cisco bug CSCee00116, which is available to Cisco customers. This issue may be exploit...
Cisco CallManager / Unified Communications Manager privilege escalation
During authentication process for address book synchronization, full access account credentials are leaked to client...
CiscoCallManager_sql_07_016.txt
Portcullis Security Advisory 07016 Vulnerable System: Cisco Unified CallManager Vulnerability Title: Multiple SQL Injections In User And Admin Interface Vulnerability discovery and development: Nico Leidecker of Portcullis Computer Security Ltd discovered this vulnerability. Further research was...
Authentication flaw
Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID aka "toll fraud and authentication...
Cisco CallManager / OpenSer authentication relaying attacks
Insufficient Digest authentication validation allows active man-in-the-middle to access resources unrequested by client...
CVE-2007-4633
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) adm...
CVE-2007-4634
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, a...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) adm...
SQL injection
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, a...
CVE-2007-4634
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, a...
Cisco CallManager cross-site scripting and SQL injection
Cross-site scripting via /CCMAdmin/serverlist.asp. SQL injection with /CCMUser/logon.asp...