34 matches found
EUVD-2006-3587
Malware in sbrugna...
EUVD-2006-3588
Malware in sbrugna...
EUVD-2006-3589
Malware in sbrugna...
EUVD-2007-1820
Malware in sbrugna...
EUVD-2007-1827
Malware in sbrugna...
EUVD-2007-1828
Malware in sbrugna...
EUVD-2008-0039
Malware in sbrugna...
EUVD-2006-5538
Malware in sbrugna...
ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
ZDI-11-143 (formerly ZDI-CAN-965): Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-143 April 28, 2011 -- CVE ID: CVE-2011-1610 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Cisco -- Affected Products: Cisco...
Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC (GMT)...
SQL injection
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages...
CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages...
CVE-2008-0026
Cisco Unified CallManager/Communications Manager (CUCM) versions affected: 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a). A SQL injection vulnerability exists in the key parameter of the admin and user interface pages, allowing an authenticated remote attacker to inject SQL commands. The atta...
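Cisco Unified Communications Manager CTL Provider Heap Buffer Overflow Vulnerability
Cisco Unified Communications Manager (CUCM, formerly known as CallManager) is the call-processing component of the Cisco IP telephony solution. The CTL Provider service (CTLProvider.exe) included in Cisco Unified Communications Manager has a design flaw that remote attackers can exploit to trigger a heap-based buffer overflow, potentially executing arbitrary instructions with the privileges of the application process. The CTLProvider.exe service binds to TCP port 2444 and operates over SSL-encrypted transport; because of a logic error, the heap allocation performed after data is received can overwrite the structure of subsequent heap chunks, leading to arbitrary code execution...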
Cisco Security Advisory: Vulnerability In Crypto Library
Cisco Security Advisory: Vulnerability In Crypto Library Advisory ID: cisco-sa-20070522-crypto.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml Revision 1.0 For Public Release 2007 May 22 1300 UTC (GMT) -...
Code injection
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp)...
Design/Logic Flaw
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698...
CVE-2007-1834
CVE-2007-1834 affects Cisco Unified CallManager (CUCM) 5.0 prior to 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 prior to 1.0(3). The vulnerability allows unauthenticated, remote attackers to cause a denial of service (loss of voice services) by sending a flood of ICMP echo requests. R...