Page 10 of 80 results (0.013 seconds)

CVSS: 7.8EPSS: 85%CPEs: 75EXPL: 1

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (CUCM) v5.x y v6.x anterior v6.1(5)SU2, v7.x anterior v7.1(5b)SU2 y v8.x anterior v8.0(3), y Cisco Unified Contact Center Express (también conocido como Unified CCX o UCCX) y Cisco Unified IP Interactive Voice Response (Unified IP-IVR) anterior a v6.0(1)SR1ES8, v7.0(x) anterior a v7.0(2)ES1, v8.0(x) hasta v8.0(2)SU3, y v8.5(x) anterior a v8.5(1)SU2, permite a atacantes remotos leer ficheros arbitrarios mediante una URL especialmente diseñada, también conocido como Bug IDs CSCth09343 y CSCts44049. • https://www.exploit-db.com/exploits/36256 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 1%CPEs: 74EXPL: 0

Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. Una vulnerabilidad de pérdida de memoria en Cisco IOS v12.4, v15.0 y v15.1, Cisco IOS XE v2.5.x hasta v3.2.x, y Cisco Unified Communications Manager (CUCM) v6.x y v7.x antes de v7.1(5b)SU4, v8.x antes de v8.5(1)su2, y v8.6 antes de v8.6(1) permite a atacantes remotos causar una denegación de servicio (consumo de memoria y reinicio del dispositivo o fallo de procesos) a través de un mensaje SIP mal formado. Se trata de un problema también conocido como Bug ID CSCtl86047 y CSCto88686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm http://tools.cisco.com/security/center/viewAlert.x?alertId=24129 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml http://www.securitytracker.com/id?1026110 • CWE-399: Resource Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM, CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su3, v8.x antes de v8.0(3a)su1, y v8.5 antes de v8.5(1), permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como Bug ID CSCth43256 • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml •

CVSS: 10.0EPSS: 0%CPEs: 69EXPL: 0

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. Cisco Unified Communications Manager (también conocido como CUCM o formerly CallManager) v6.x, v7.x antes de v7.1(5b)su4, v8.0, y v8.5 antes de v8.5(1)su2 y Cisco Unified Presence Server v6.x, v7.x, v8.0, y v8.5 antes de v8.5xnr, permite a atacantes remotos leer datos de la base de datos conectandose a la interfaz de consulta a través de una sesión SSL, también conocido como Bug IDs CSCti81574, CSCto63060, CSCto72183 y CSCto73833. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su3, 7.x antes de 7.1 (5b) SU3, 8.0 antes de 8.0 (3 bis) su1, y 8.5 antes de 8.5 (1) permite a usuarios autenticados remotamente subir archivos a directorios de su elección a través de una ruta modificada en una petición de subida, también conocido como Bug ID CSCti81603. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47608 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67127 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •