65 matches found
CVE-2015-0684
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515...
CVE-2014-3363
Cross-site scripting XSS vulnerability in the web framework in Cisco Unified Communications Manager UCM 9.12.10000.28 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443...
CVE-2014-3363
CVE-2014-3363 is an XSS vulnerability in Cisco Unified Communications Manager (UCM) web framework, affecting version 9.1(2.10000.28). It allows an authenticated, remote attacker to inject arbitrary web script or HTML via an unspecified parameter. The root cause is insufficient validation of the p...
Cisco Patches Hardcoded SSH Key Vulnerability in UCM
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...
Cisco Unified Communications Manager Java类文件信息泄漏漏洞
Bugtraq ID:65644 CVE ID:CVE-2014-0731 Cisco Unified Communications Manager是一款Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications Manager管理接口不正确执行正确的验证,允许远程攻击者利用漏洞访问UCM管理接口中特定的URL,未授权访问部分Java类文件。 0 Cisco Unified Communications Manager 10.01.10000.3 目前没有详细解决方案提供:...
CVE-2014-0727
SQL injection vulnerability in the CallManager Interactive Voice Response CMIVR interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318...
CVE-2014-0725
Cisco Unified Communications Manager UCM does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337...
CVE-2014-0728
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...
CVE-2014-0722
The log4jinit web application in Cisco Unified Communications Manager UCM does not properly validate authentication, which allows remote attackers to cause a denial of service performance degradation via unspecified use of this application, aka Bug ID CSCum05347...
Authentication flaw
The log4jinit web application in Cisco Unified Communications Manager UCM does not properly validate authentication, which allows remote attackers to cause a denial of service performance degradation via unspecified use of this application, aka Bug ID CSCum05347...
Sql injection
SQL injection vulnerability in the CallManager Interactive Voice Response CMIVR interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318...
Authentication flaw
Cisco Unified Communications Manager UCM does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337...
CVE-2014-0723
Cross-site scripting XSS vulnerability in the IP Manager Assistant IPMA interface in Cisco Unified Communications Manager UCM allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343...
CVE-2014-0726
Cisco Unified Communications Manager IP Manager Assistant (IPMA) suffers a blind SQL injection vulnerability that allows remote, unauthenticated attackers to execute arbitrary SQL via crafted URLs. Affected product/version: UCM 10.0(1) and earlier; root cause is lack of input validation within SQ...
CVE-2014-0728
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...
CVE-2014-0723
Cisco IP Manager Assistant (IPMA) within Cisco Unified Communications Manager (UCM) suffers a cross-site scripting (XSS) vulnerability. The issue stems from insufficient input validation in the IPMA web interface, allowing an unauthenticated, remote attacker to craft a URL that injects arbitrary ...
CVE-2014-0727
Cisco Unified Communications Manager (UCM) CMIVR interface is affected by a SQL injection vulnerability (CVE-2014-0727) that can be exploited remotely by unauthenticated attackers via crafted URLs to execute arbitrary SQL commands. The root cause is insufficient input validation in SQL queries wi...
CVE-2014-0725
CVE-2014-0725 affects Cisco Unified Communications Manager (UCM). A vulnerability due to missing authentication allows an unauthenticated, remote attacker to access WAR files stored in a file storage location, potentially exposing sensitive information contained in those files. Cisco’s advisory n...
CVE-2014-0729
Cisco’s advisory confirms a Blind SQL Injection in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (UCM). The root cause is a failure to validate user-supplied input used to build SQL queries, enabling an unauthenticated, remote attacker to exfiltrate...
CVE-2014-0724
Cisco Unified Communications Manager (UCM) bulk administration interface (affected: 10.0(1) and earlier) is affected by an authentication bypass leading to arbitrary file read via an unspecified prompt. Root cause: insufficient input validation in the bulk admin prompt flow. Impact: authenticated...