Lucene search
K

65 matches found

NVD
NVD
added 2015/04/03 10:59 a.m.19 views

CVE-2015-0684

SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.14 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515...

6.5CVSS7.9AI score0.01361EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/09/12 1:0 a.m.22 views

CVE-2014-3363

Cross-site scripting XSS vulnerability in the web framework in Cisco Unified Communications Manager UCM 9.12.10000.28 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443...

5.3AI score0.01543EPSS
Exploits0References6
CVE
CVE
added 2014/09/12 1:0 a.m.50 views

CVE-2014-3363

CVE-2014-3363 is an XSS vulnerability in Cisco Unified Communications Manager (UCM) web framework, affecting version 9.1(2.10000.28). It allows an authenticated, remote attacker to inject arbitrary web script or HTML via an unspecified parameter. The root cause is insufficient validation of the p...

3.5CVSS5.5AI score0.01543EPSS
Exploits0References6Affected Software1
ThreatPost
ThreatPost
added 2014/07/03 9:52 a.m.11 views

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...

1AI score
Exploits0References1
seebug.org
seebug.org
added 2014/02/21 12:0 a.m.21 views

Cisco Unified Communications Manager Java类文件信息泄漏漏洞

Bugtraq ID:65644 CVE ID:CVE-2014-0731 Cisco Unified Communications Manager是一款Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications Manager管理接口不正确执行正确的验证,允许远程攻击者利用漏洞访问UCM管理接口中特定的URL,未授权访问部分Java类文件。 0 Cisco Unified Communications Manager 10.01.10000.3 目前没有详细解决方案提供:...

5CVSS6.6AI score0.01903EPSS
Exploits1
NVD
NVD
added 2014/02/13 5:24 a.m.18 views

CVE-2014-0727

SQL injection vulnerability in the CallManager Interactive Voice Response CMIVR interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318...

7.5CVSS8.2AI score0.0126EPSS
Exploits0References4
NVD
NVD
added 2014/02/13 5:24 a.m.20 views

CVE-2014-0725

Cisco Unified Communications Manager UCM does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337...

5CVSS6.5AI score0.01277EPSS
Exploits0References1
NVD
NVD
added 2014/02/13 5:24 a.m.19 views

CVE-2014-0728

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...

7.5CVSS8.3AI score0.01962EPSS
Exploits0References4
NVD
NVD
added 2014/02/13 5:24 a.m.20 views

CVE-2014-0722

The log4jinit web application in Cisco Unified Communications Manager UCM does not properly validate authentication, which allows remote attackers to cause a denial of service performance degradation via unspecified use of this application, aka Bug ID CSCum05347...

5CVSS6.7AI score0.01949EPSS
Exploits0References1
Prion
Prion
added 2014/02/13 5:24 a.m.19 views

Authentication flaw

The log4jinit web application in Cisco Unified Communications Manager UCM does not properly validate authentication, which allows remote attackers to cause a denial of service performance degradation via unspecified use of this application, aka Bug ID CSCum05347...

5CVSS7.1AI score0.01949EPSS
Exploits0References1
Prion
Prion
added 2014/02/13 5:24 a.m.17 views

Sql injection

SQL injection vulnerability in the CallManager Interactive Voice Response CMIVR interface in Cisco Unified Communications Manager UCM allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318...

7.5CVSS8.9AI score0.0126EPSS
Exploits0References4
Prion
Prion
added 2014/02/13 5:24 a.m.22 views

Authentication flaw

Cisco Unified Communications Manager UCM does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337...

5CVSS6.9AI score0.01277EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/02/13 2:0 a.m.22 views

CVE-2014-0723

Cross-site scripting XSS vulnerability in the IP Manager Assistant IPMA interface in Cisco Unified Communications Manager UCM allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343...

5.6AI score0.01161EPSS
Exploits0References4
CVE
CVE
added 2014/02/13 2:0 a.m.52 views

CVE-2014-0726

Cisco Unified Communications Manager IP Manager Assistant (IPMA) suffers a blind SQL injection vulnerability that allows remote, unauthenticated attackers to execute arbitrary SQL via crafted URLs. Affected product/version: UCM 10.0(1) and earlier; root cause is lack of input validation within SQ...

7.5CVSS8.6AI score0.0126EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/02/13 2:0 a.m.24 views

CVE-2014-0728

SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager UCM 10.01 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313...

8.3AI score0.01962EPSS
Exploits0References4
CVE
CVE
added 2014/02/13 2:0 a.m.63 views

CVE-2014-0723

Cisco IP Manager Assistant (IPMA) within Cisco Unified Communications Manager (UCM) suffers a cross-site scripting (XSS) vulnerability. The issue stems from insufficient input validation in the IPMA web interface, allowing an unauthenticated, remote attacker to craft a URL that injects arbitrary ...

4.3CVSS5.8AI score0.01161EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/02/13 2:0 a.m.58 views

CVE-2014-0727

Cisco Unified Communications Manager (UCM) CMIVR interface is affected by a SQL injection vulnerability (CVE-2014-0727) that can be exploited remotely by unauthenticated attackers via crafted URLs to execute arbitrary SQL commands. The root cause is insufficient input validation in SQL queries wi...

7.5CVSS8.5AI score0.0126EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/02/13 2:0 a.m.54 views

CVE-2014-0725

CVE-2014-0725 affects Cisco Unified Communications Manager (UCM). A vulnerability due to missing authentication allows an unauthenticated, remote attacker to access WAR files stored in a file storage location, potentially exposing sensitive information contained in those files. Cisco’s advisory n...

5CVSS6.6AI score0.01277EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/02/13 2:0 a.m.47 views

CVE-2014-0729

Cisco’s advisory confirms a Blind SQL Injection in the Enterprise Mobility Application (EMApp) interface of Cisco Unified Communications Manager (UCM). The root cause is a failure to validate user-supplied input used to build SQL queries, enabling an unauthenticated, remote attacker to exfiltrate...

7.5CVSS8.5AI score0.01247EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/02/13 2:0 a.m.52 views

CVE-2014-0724

Cisco Unified Communications Manager (UCM) bulk administration interface (affected: 10.0(1) and earlier) is affected by an authentication bypass leading to arbitrary file read via an unspecified prompt. Root cause: insufficient input validation in the bulk admin prompt flow. Impact: authenticated...

4CVSS7.3AI score0.01031EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder