CVE-2014-2145

Cisco Unity Connection contains a directory traversal vulnerability in its messaging API (CVE-2014-2145). An authenticated, remote attacker can read arbitrary files by exploiting insufficient input filtering and relaxed restrictions on file types beyond .wav, via the audio/x-wav MIME type. Impact...