16 matches found
EUVD-2010-0617
Malware in sbrugna...
Concrete5 CME v9.1.3 - Xpath injection
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3...
Concrete5 CME v9.1.3 - Xpath injection Vulnerability
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The URL...
cme-eyewear.com Cross Site Scripting vulnerability OBB-2375415
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cme-uccle.be XSS vulnerability
Open Bug Bounty ID: OBB-698155 Description| Value ---|--- Affected Website:| cme-uccle.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden unt...
CVE-2017-6624
CVE-2017-6624 affects Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME). The issue stems from a configuration restriction in the toll-fraud protections component, allowing an unauthenticated, remote attacker to place unauthorized long-distance calls via an affected system. Connected...
tracking.cme-congresses.com XSS vulnerability
Vulnerable URL: http://tracking.cme-congresses.com/tracking/reportspam?msgid=dR65qo6e22hk2T5hTYwCpw2=" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
Report: NASDAQ Hackers Spied On Corporate Directors
The hackers who compromised systems belonging to the NASDAQ stock market last year were able to install monitoring software that allowed them to spy on the doings of corporate directors, Reuters is reporting. The news adds critical details to the story of an October, 2010, compromise of Director’...
FBI: Employee Passed Chicago Mercantile Exchange Secrets to China
A 10-year employee of CME Group in Chicago is alleged to have stolen trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange, according to a criminal complaint filed in U.S. District Court in Illinois. The complaint, dated June 30, 2011 and signed...
CVE-2009-5040
CVE-2009-5040 affects Cisco CallManager Express (CME) on Cisco IOS prior to 15.0(1)XA. The issue allows remote authenticated users to trigger a denial-of-service (device crash) by interacting with the SNR-number change menu using an Extension Mobility (EM) phone. Root cause is not detailed beyond...
CVE-2010-4686
Cisco IOS CME (CallManager Express) vulnerability CVE-2010-4686 affects CME up to version 15.0(1)XA1 and is triggered by SIP TRUNK traffic with rate bursts and a peculiar request size. The underlying cause is improper handling of such traffic, leading to memory consumption and remote denial of se...
Design/Logic Flaw
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID...
CVE-2010-0586
CVE-2010-0586 affects Cisco IOS 12.1–12.4 when Cisco Unified CME or SRST is enabled; a malformed SCCP message can trigger a denial-of-service resulting in a device reload. The vulnerability exists in the SCCP message handling within CME/SRST-enabled IOS platforms and can be exploited remotely ove...
CVE-2010-0585
CVE-2010-0585 (and related CVE-2010-0586) affect Cisco IOS 12.1–12.4 with CME/SRST enabled. A malformed SCCP message can cause a device reload (DoS). Cisco’s advisory and security notes identify two DoS bugs (CSCsz48614 and CSCsz49741) and list vulnerable releases alongside first fixed versions. ...
Cisco Unified Communications Manager Express Denial of Service Vulnerabilities
Devices running Cisco IOS® Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The...
CVE-2005-0186
CVE-2005-0186 affects Cisco IOS releases 12.1YD, 12.2T, 12.3 and 12.3T when ITS/CME/SRST are active. A malformed SCCP control message can trigger a device reboot (DoS). Answer: vulnerable component is IOS Telephony Service/CME/SRST handling of SCCP; root cause is malformed control protocol messag...