12 matches found
EUVD-2014-0758
Malware in sbrugna...
Cross-site scripting
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266...
Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability
A cross-site scripting (XSS) filter bypass vulnerability in the web management interface of Cisco Unified Communications Manager (UCM) versions 8.0 through 8.6 could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. The vulnerability is due to a...
SQL injection
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.51.98991.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563...
CVE-2015-0699
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.51.98991.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563...
CVE-2015-0684
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515...
CVE-2014-3363
CVE-2014-3363 is an XSS vulnerability in Cisco Unified Communications Manager (UCM) web framework, affecting version 9.1(2.10000.28). It allows an authenticated, remote attacker to inject arbitrary web script or HTML via an unspecified parameter. The root cause is insufficient validation of the p...
CVE-2014-0727
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318...
CVE-2014-0728
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...
Authentication flaw
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337...
Authentication flaw
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347...
CVE-2014-0723
Cisco IP Manager Assistant (IPMA) within Cisco Unified Communications Manager (UCM) suffers a cross-site scripting (XSS) vulnerability. The issue stems from insufficient input validation in the IPMA web interface, allowing an unauthenticated, remote attacker to craft a URL that injects arbitrary ...