CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1607
https://notcve.org/view.php?id=CVE-2011-1607
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su3, 7.x antes de 7.1 (5b) SU3, 8.0 antes de 8.0 (3 bis) su1, y 8.5 antes de 8.5 (1) permite a usuarios autenticados remotamente subir archivos a directorios de su elección a través de una ruta modificada en una petición de subida, también conocido como Bug ID CSCti81603. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47608 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67127 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 2%CPEs: 45EXPL: 0CVE-2011-1606
https://notcve.org/view.php?id=CVE-2011-1606
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCtg62855. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47611 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67124 •
CVSS: 7.8EPSS: 2%CPEs: 46EXPL: 0CVE-2011-1605
https://notcve.org/view.php?id=CVE-2011-1605
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCth39586. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47610 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67123 •
CVSS: 7.1EPSS: 2%CPEs: 47EXPL: 0CVE-2011-1604
https://notcve.org/view.php?id=CVE-2011-1604
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCti42904. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47609 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67122 • CWE-399: Resource Management Errors •
CVSS: 8.5EPSS: 0%CPEs: 45EXPL: 1CVE-2011-1609 – Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2011-1609
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a usuarios autenticados remotamente ejecutar comandos SQL a través de vectores no especificados, también conocido como error de identificación CSCtg85647. • https://www.exploit-db.com/exploits/35672 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47605 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67125 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •