18 matches found
CVE-2005-0356
CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2006-0368
CVE-2006-0368 affects Cisco CallManager versions 3.2 and earlier; 3.3 before 3.3(5)SR1; 4.0 before 4.0(2a)SR2c; and 4.1 before 4.1(3)SR2. It enables remote attackers to cause denial of service by opening a large number of TCP connections to port 2000 (CPU/memory consumption) and to ports 2001, 20...
CVE-2007-4633
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) affect versions before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1. The issue allows remote attackers to inject arbitrary web script or HTML via ...
CVE-2007-1467
The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...
CVE-2007-2832
Cisco CallManager web interface (Cisco CallManager 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1) is affected by a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitization of input to the CCMAdmin/serverlist.asp (the search-form) and ...
CVE-2005-2243
Cisco CallManager (CCM) memory leak: inetinfo.exe vulnerability affects CCM v3.2 and earlier, v3.3 before 3.3(5), v4.0 before 4.0(2a)SR2b, and v4.1 before 4.1(3)SR1, with MLA enabled. Remote attackers can cause memory exhaustion/DoS by triggering a large number of failing Admin Service Tool (AST)...
CVE-2007-4634
CVE-2007-4634 affects Cisco CallManager and Unified Communications Manager (CUCM). The vulnerability is a SQL injection in the lang parameter on the (1) user and (2) admin logon pages (aka CSCsi64265). Affected versions include CUCM before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, a...
CVE-2005-2241
Cisco CVE-2005-2241 affects Cisco CallManager (CCM) versions 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1. The issue arises from RISDC sockets not timing out promptly, causing a resource leak that can allow remote attackers to exhaust memory and connections...
CVE-2006-0367
CVE-2006-0367 affects Cisco CallManager up to versions 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2. The issue is a privilege-escalation vulnerability where remote authenticated users with read-only administrative privileges can obtain full admin privile...
CVE-2006-3109
Cisco CallManager suffers a cross-site scripting (XSS) vulnerability in the Administration and User Options web interfaces. Affected versions are 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1). The issue stems from improper input sanitization in ccmadmin/phon...
CVE-2004-1759
Cisco voice products running the IBM Director Agent on IBM servers prior to OS 2000.2.6 are affected by CVE-2004-1759. The issue allows remote attackers to cause a denial of service (CPU consumption) by sending arbitrary packets to TCP port 14247, demonstrated via port scanning. The provided docu...
CVE-2005-2244
The CVE-2005-2244 entry concerns Cisco CallManager (CCM) prior to certain 3.x/4.x releases, where the aupair.exe service is vulnerable. A crafted packet can trigger a memory allocation failure, leading to a buffer overflow and allowing remote code execution or memory corruption. Affected products...
CVE-2007-5468
Cisco CallManager 5.1.1.3000-5 is vulnerable because it does not verify the Digest authentication header URI against the SIP Request URI. This allows remote attackers to use sniffed Digest credentials to place arbitrary calls or spoof caller ID (toll fraud and authentication forward attack). The ...
CVE-2004-1760
The CVE-2004-1760 entry covers unauthenticated remote admin access on Cisco voice products running the IBM Director Agent on IBM servers before OS 2000.2.6. The vulnerability allows an attacker to gain administrator privileges by connecting to TCP port 14247. The description specifies the affecte...
CVE-2002-0505
CVE-2002-0505 concerns Cisco CallManager CTI Framework authentication. A memory leak when authentication fails (e.g., incorrect CTI/CTIFW credentials) can cause the server to crash and reload, enabling a DoS. Affected products: Cisco CallManager 3.0 and 3.1. The documented fix is to upgrade to 3....