CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6352
https://notcve.org/view.php?id=CVE-2015-6352
30 Oct 2015 — Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891. Cisco Unified Communications Domain Manager en versiones anteriores a 10.6(1) proporciona diferentes mensajes de error para intentos de acceso al nombre de ruta dependiendo de si el nombre de ruta existe, lo que permite a atacantes remotos mapear un... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151027-ucd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4196
https://notcve.org/view.php?id=CVE-2015-4196
04 Jul 2015 — Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546. Platform Software anterior a 4.4.5 en Cisco Unified Communications Domain Manager (CDM) 8.x tiene una contraseña embebida para una cuenta privilegiada, lo que permite a atacantes remotos obtener el acceso a root mediante e... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4229
https://notcve.org/view.php?id=CVE-2015-4229
30 Jun 2015 — The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. El Framework Web en Cisco Unified Communications Domain Manager 8.1(4)ER1 permite a atacantes remotos obtener información sensible mediante la visita a una URL bvsmweb, también conocida como Bug ID CSCuq22589. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39557 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0699
https://notcve.org/view.php?id=CVE-2015-0699
15 Apr 2015 — SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vulnerabilidad de inyección SQL en el componente Interactive Voice Response (IVR) en Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido co... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2015-0682
https://notcve.org/view.php?id=CVE-2015-0682
03 Apr 2015 — Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. Cisco Unified Communications Domain Manager 8.1(4) permite a usuarios remotos autenticados ejecutar código arbitrario mediante la visita a una 'página obsoleta,' también conocido como Bug ID CSCup90168. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38113 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0683
https://notcve.org/view.php?id=CVE-2015-0683
03 Apr 2015 — Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Cisco Unified Communications Domain Manager 8.1(4) permite a usuarios remotos autenticados obtener información sensible a través de un ataque de inclusión de ficheros, también conocido como Bug ID CSCup94744. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0684
https://notcve.org/view.php?id=CVE-2015-0684
03 Apr 2015 — SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. Vulnerabilidad de inyección SQL en el componente Image Management en Cisco Unified Communications Domain Manager 8.1(4) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuq52515. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38114 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0591
https://notcve.org/view.php?id=CVE-2015-0591
15 Jan 2015 — Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes causar una denegación de servicio (cuelgue de demonio y interrupción de GUI) a través de una inundación de paquetes TCP malformados, también conocido como Bug ID CSCur44177. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0588
https://notcve.org/view.php?id=CVE-2015-0588
15 Jan 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Vulnerabilidad de CSRF en Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuo77055. • http://secunia.com/advisories/62352 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8020
https://notcve.org/view.php?id=CVE-2014-8020
10 Jan 2015 — Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. Cisco Unified Communication Domain Manager Platform Software permite a atacantes remotos causar una denegación de servicio (consumo de CPU, y degradación de funcionamiento o interrupción de servicio) a través de una inundación de paquetes TCP y paquetes UD... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020 • CWE-399: Resource Management Errors •