CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0026 – Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro key en las páginas de interfaz de (1) administrador y (2) usuario. • https://www.exploit-db.com/exploits/31189 http://secunia.com/advisories/28932 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml http://www.securityfocus.com/bid/27775 http://www.securitytracker.com/id?1019404 http://www.vupen.com/english/advisories/2008/0542 https://exchange.xforce.ibmcloud.com/vulnerabilities/40484 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 13%CPEs: 8EXPL: 0CVE-2007-4294
https://notcve.org/view.php?id=CVE-2007-4294
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. Vulnerabilidad sin especificar en el Cisco Unified Communications Manager (CUCM) 5.0, 5.1, y 6.0 y en el IOS 12.0 hasta el 12.4, permite a atacantes remotos ejecutar código de su elección a través de un paquete SIP mal formado, también conocido como CSCsi80102. • http://osvdb.org/36693 http://secunia.com/advisories/26362 http://securitytracker.com/id?1018538 http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml http://www.securityfocus.com/bid/25239 http://www.vupen.com/english/advisories/2007/2816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851 •