CVE-2012-0367
https://notcve.org/view.php?id=CVE-2012-0367
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899. Cisco Unity Connection anteriores a v7.1.5b(Su5), v8.0 y 8.5 anteriores a v8.5.1(Su3), y v8.6 anteriores a v8.6.2 permite a atacantes remotos provocar una denegación de servicio (caída de servicios) a través de una serie de segmentos TCP manipulados, también conocido como Bug ID CSCtq67899. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc • CWE-399: Resource Management Errors •
CVE-2012-0366
https://notcve.org/view.php?id=CVE-2012-0366
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. Cisco Unity Connection anteriores a v7.1.3b(Su2) permite a usuarios remotos autenticados a cambiar la contraseña de administración by aprovechando el rol de Help Desk Administrator, también conocido como Bug ID CSCtd45141. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4542
https://notcve.org/view.php?id=CVE-2008-4542
Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Unity 4.x anteriores a v4.2(1)ES162, 5.x anteriores a v5.0(1)ES56, y 7.x anteriores a v7.0(2)ES8, que permite a los administradores autenticados remotos inyectar una secuencia de comandos web o HTML arbitrarios metiéndolos en la base de datos (también conocida como almacén de datos). • http://secunia.com/advisories/32207 http://securitytracker.com/id?1021012 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=127 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4543
https://notcve.org/view.php?id=CVE-2008-4543
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections. Cisco Unity v4.x anteriores a v4.2(1)ES161, 5.x anteriores a v5.0(1)ES53, y v7.x anteriores a v7.0(2)ES8, cuando utilizan autentificación anónima (también conocida como autenticación nativa Unity), permite a atacantes remotos provocar una denegación de servicio (agotamiento de sesión) a través de un gran número de conexiones. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021013 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=128 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45743 • CWE-399: Resource Management Errors •
CVE-2008-4545
https://notcve.org/view.php?id=CVE-2008-4545
Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory. Cisco Unity v4.x anteriores a v4.2(1)ES161, v5.x anteriores a v5.0(1)ES53, and v7.x anteriores a v7.0(2)ES8 usa permisos débiles para el directorio D:\CommServer\Reports directory, lo que permite a usuarios remotos autentificados conseguir información sensible, leyendo ficheros en este directorio. • http://secunia.com/advisories/32187 http://securitytracker.com/id?1021022 http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html http://www.securityfocus.com/bid/31642 http://www.voipshield.com/research-details.php?id=130 http://www.vupen.com/english/advisories/2008/2771 https://exchange.xforce.ibmcloud.com/vulnerabilities/45742 • CWE-264: Permissions, Privileges, and Access Controls •