CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0CVE-2007-5538
https://notcve.org/view.php?id=CVE-2007-5538
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712. Desbordamiento de búfer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, también conocido como CSCsh47712. • http://osvdb.org/37940 http://secunia.com/advisories/27296 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml http://www.securityfocus.com/bid/26105 http://www.securitytracker.com/id?1018828 http://www.vupen.com/english/advisories/2007/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/37247 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2007-4633
https://notcve.org/view.php?id=CVE-2007-4633
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la variable lang en la página de acceso de (1) usuario ó (2) administrador, también conocido como CSCsi10728. • http://secunia.com/advisories/26641 http://securitytracker.com/id?1018624 http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml http://www.securityfocus.com/bid/25480 http://www.vupen.com/english/advisories/2007/3010 https://exchange.xforce.ibmcloud.com/vulnerabilities/36325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 2CVE-2007-4634 – Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4634
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. Múltiples vulnerabilidades de inyección SQL en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permiten a atacantes remotos ejecutar comandos SQL de su elección mediante la variable lang en la página de acceso de (1) usuario ó (2) administrador, también conocido como CSCsi64265. • https://www.exploit-db.com/exploits/30541 http://secunia.com/advisories/26641 http://securitytracker.com/id?1018624 http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml http://www.securityfocus.com/bid/25480 http://www.vupen.com/english/advisories/2007/3010 https://exchange.xforce.ibmcloud.com/vulnerabilities/36326 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 13%CPEs: 8EXPL: 0CVE-2007-4294
https://notcve.org/view.php?id=CVE-2007-4294
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. Vulnerabilidad sin especificar en el Cisco Unified Communications Manager (CUCM) 5.0, 5.1, y 6.0 y en el IOS 12.0 hasta el 12.4, permite a atacantes remotos ejecutar código de su elección a través de un paquete SIP mal formado, también conocido como CSCsi80102. • http://osvdb.org/36693 http://secunia.com/advisories/26362 http://securitytracker.com/id?1018538 http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml http://www.securityfocus.com/bid/25239 http://www.vupen.com/english/advisories/2007/2816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851 •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2006-5278
https://notcve.org/view.php?id=CVE-2006-5278
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. Desbordamiento de entero en Real-Time Information Server (RIS) Data Collector service (RisDC.exe) de Cisco Unified Communications Manager (CUCM, anteriormente denominado CallManager) versiones anteriores a 20070711 permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados, resultando en un desbordamiento de búfer basado en montículo. • http://secunia.com/advisories/26043 http://securitytracker.com/id?1018369 http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml http://www.iss.net/threats/271.html http://www.osvdb.org/36121 http://www.securityfocus.com/bid/24868 http://www.vupen.com/english/advisories/2007/2512 https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 •