8 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la variable lang en la página de acceso de (1) usuario ó (2) administrador, también conocido como CSCsi10728. • http://secunia.com/advisories/26641 http://securitytracker.com/id?1018624 http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml http://www.securityfocus.com/bid/25480 http://www.vupen.com/english/advisories/2007/3010 https://exchange.xforce.ibmcloud.com/vulnerabilities/36325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 2

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. Múltiples vulnerabilidades de inyección SQL en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permiten a atacantes remotos ejecutar comandos SQL de su elección mediante la variable lang en la página de acceso de (1) usuario ó (2) administrador, también conocido como CSCsi64265. • https://www.exploit-db.com/exploits/30541 http://secunia.com/advisories/26641 http://securitytracker.com/id?1018624 http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml http://www.securityfocus.com/bid/25480 http://www.vupen.com/english/advisories/2007/3010 https://exchange.xforce.ibmcloud.com/vulnerabilities/36326 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 2

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la aplicación web de cortafuegos de Cisco CallManager anterior a 3.3(5)sr3, 4.1 anterior a 4.1(3)sr5, 4.2 anterior a 4.2(3)sr2, y 4.3 anterior a 4.3(1)sr1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro pattern a CCMAdmin/serverlist.asp (también conocido como formulario de búsqueda) y posiblemente otros vectores no especificados. • https://www.exploit-db.com/exploits/30077 http://marc.info/?l=full-disclosure&m=117993122727006&w=2 http://secunia.com/advisories/25377 http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html http://www.osvdb.org/35337 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 http://www.securityfocus.com/bid/24119 http://www.securitytracker.com/id?1018105 http://www.vupen.com/english/advisories/2007/1922 https://exchange.xforce.ibmcloud.com/vulnerabilit •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 5

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager v3.3 anterior a v3.3(5)SR3, v4.1 anterior a v4.1(3)SR4, v4.2 anterior a v4.2(3), y v4.3 anterior a v4.3(1), permite a atacantes remotos inyectar código web script o HTML a través de (1) parámetro pattern en ccmadmin/phonelist.asp y (2) parámetros de su elección en ccmuser/logon.asp, también conocido como bugid CSCsb68657 • https://www.exploit-db.com/exploits/28062 https://www.exploit-db.com/exploits/28061 http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html http://secunia.com/advisories/20735 http://securityreason.com/securityalert/1114 http://securitytracker.com/id?1016328 http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html http://www.fishnetsecurity.com/csirt/d •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •