25 matches found
EUVD-2007-1820
Malware in sbrugna...
EUVD-2006-3589
Malware in sbrugna...
EUVD-2007-1828
Malware in sbrugna...
EUVD-2007-1827
Malware in sbrugna...
EUVD-2008-0039
Malware in sbrugna...
EUVD-2006-3588
Malware in sbrugna...
EUVD-2006-3587
Malware in sbrugna...
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
ZDI-11-143formerly ZDI-CAN-965: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-143 April 28, 2011 -- CVE ID: CVE-2011-1610 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Cisco -- Affected Products: Cisco...
Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...
CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
Sql injection
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager CUCM 5.0/5.1 before 5.13a and 6.0/6.1 before 6.11a allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the 1 admin and 2 user interface pages...
Cisco Unified Communications Manager CTL提供者堆缓冲区溢出漏洞
Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications Manager包含的CTL Provider服务CTLProvider.exe存在设计缺陷,远程攻击者可以利用漏洞进行基于堆的缓冲区溢出攻击,可能以应用程序进程权限执行任意指令。 CTLProvider.exe服务绑定在TCP 2444端口,服务通过SSL加密传送进行操作,存在一个逻辑错误,接收到数据后进行堆分配可造成覆盖后续的堆块结构,导致任意代码执行。...
Design/Logic Flaw
Cisco Unified CallManager CUCM 5.0 before 5.04aSU1 and Cisco Unified Presence Server CUPS 1.0 before 1.03 allow remote attackers to cause a denial of service loss of voice services via a flood of ICMP echo requests, aka bug ID CSCsf12698...
CVE-2007-1834
Cisco Unified CallManager CUCM 5.0 before 5.04aSU1 and Cisco Unified Presence Server CUPS 1.0 before 1.03 allow remote attackers to cause a denial of service loss of voice services via a flood of ICMP echo requests, aka bug ID CSCsf12698...
CVE-2007-1834
CVE-2007-1834 affects Cisco Unified CallManager (CUCM) 5.0 prior to 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 prior to 1.0(3). The vulnerability allows unauthenticated, remote attackers to cause a denial of service (loss of voice services) by sending a flood of ICMP echo requests. R...
Code injection
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager CUCM 5.0 before 5.04aSU1 and Cisco Unified Presence Server CUPS 1.0 before 1.03 allows remote attackers to cause a denial of service loss of cluster services via a "specific UDP packet" to UDP port 8500, aka bug ...
Cisco Unified CallManager和Unified Server多个拒绝服务漏洞
Cisco Unified CallManager提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 Cisco Unified CallManager CUCM和Cisco Unified Presence Server CUPS存在多个安全问题,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 具体问题如下: - SCCP/SCCPS端口扫描拒绝服务 Skinny Call Control Protocol SCCP协议是Cisco私有语音协议,用于CallManager系统和IP电话的呼叫管理。SCCP使用TCP 2000进行通信,运行在TCP...
CVE-2006-3594
CVE-2006-3594 refers to a buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1)–5.0(3a) that lets remote attackers execute arbitrary code via a long hostname in a SIP request (bug CSCsd96542). The issue affects CUCM and is ranked HIGH with CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:...