Page 2 of 11 results (0.018 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384. Vulnerabilidad de XSS en UserServlet en Cisco Emergency Responder (ER) 8.6 y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCun24384. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114 http://tools.cisco.com/security/center/viewAlert.x?alertId=33644 http://www.securityfocus.com/bid/66635 http://www.securitytracker.com/id/1030019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. Cisco Emergency Responder v8.6 y v9.2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) mediante el envío de paquetes malformados UDP al puerto CERPT, también conocido como Bug ID CSCtx38369. • https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 11%CPEs: 8EXPL: 0

The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticación para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://secunia.com/advisories/29670 http://securitytracker.com/id?1019768 http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml http://www.securityfocus.com/bid/28591 http://www.vupen.com/english/advisories/2008/1093 https://exchange.xforce.ibmcloud.com/vulnerabilities/41632 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 93%CPEs: 296EXPL: 2

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •

CVSS: 10.0EPSS: 1%CPEs: 34EXPL: 0

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. • http://secunia.com/advisories/10696 http://www.ciac.org/ciac/bulletins/o-066.shtml http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml http://www.kb.cert.org/vuls/id/602734 http://www.osvdb.org/3692 http://www.securityfocus.com/bid/9468 http://www.securitytracker.com/id?1008814 https://exchange.xforce.ibmcloud.com/vulnerabilities/14900 • CWE-287: Improper Authentication •