CVE-2019-1911 – Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability
https://notcve.org/view.php?id=CVE-2019-1911
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges. Una vulnerabilidad en la CLI del software Communications Domain Manager de Cisco Unified (CDM de Cisco Unified), podría permitir a un atacante local identificado escapar del shell restringido. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucdm-rsh • CWE-216: DEPRECATED: Containment Errors (Container Errors) •
CVE-2015-6404
https://notcve.org/view.php?id=CVE-2015-6404
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) no usa RBAC, lo que permite a usuarios remotos autenticados obtener información sensible de credenciales mediante el aprovechamiento de acceso de administrador y hacer solicitudes API de SOAP, también conocido como Bug ID CSCuw84374. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm http://www.securityfocus.com/bid/78874 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6352
https://notcve.org/view.php?id=CVE-2015-6352
Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. Cisco Unified Communications Domain Manager en versiones anteriores a 10.6(1) proporciona diferentes mensajes de error para intentos de acceso al nombre de ruta dependiendo de si el nombre de ruta existe, lo que permite a atacantes remotos mapear un sistema de archivos a través de una serie de peticiones, tambien conocida como Bug ID CSCut67891. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd http://www.securityfocus.com/bid/77341 http://www.securitytracker.com/id/1034022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-4260
https://notcve.org/view.php?id=CVE-2015-4260
Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862. Vulnerabilidad de XSS en Cisco Hosted Collaboration Solution, permite a atacantes inyectar secuencias de comandos web arbitrarios o HTML a través de la manipulación de un valor en una Url, también conocido como Bug ID CSCuu14862 • http://tools.cisco.com/security/center/viewAlert.x?alertId=39804 http://www.securitytracker.com/id/1032840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0750
https://notcve.org/view.php?id=CVE-2015-0750
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. La interfaz web administrativa en Cisco Hosted Collaboration Solution (HCS) 10.6(1) y anteriores permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de entradas manipuladas en campos no especificados, también conocido como Bug ID CSCut02786. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38969 • CWE-264: Permissions, Privileges, and Access Controls •