
CVSS: 6.8 | EPSS: 0% | CPEs: 18 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.

• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32911
• http://www.securitytracker.com/id/1029792

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 18 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32912
• http://www.securityfocus.com/bid/65641
• http://www.securitytracker.com/id/1029793

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 18 | EXPL: 0

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.

• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32913

CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.

• http://osvdb.org/103218
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32843
• http://www.securityfocus.com/bid/65514

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.

• http://osvdb.org/103219
• http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32844
• http://www.securityfocus.com/bid/65516

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')