CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3281
https://notcve.org/view.php?id=CVE-2014-3281
08 Jun 2014 — The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) does not properly implement access control, which allows remote attackers to obtain potentially sensitive user information by visiting an unspecified BVSMWeb web page, aka Bug IDs CSCun46071 and CSCun46101. El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) no implementa debidamente control de acceso, lo que permite a atacantes remotos obtener información potencialmente sensible mediante la visita a una... • http://secunia.com/advisories/58657 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3280
https://notcve.org/view.php?id=CVE-2014-3280
03 Jun 2014 — The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116. El Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a usuarios remotos autenti... • http://secunia.com/advisories/58400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3277
https://notcve.org/view.php?id=CVE-2014-3277
29 May 2014 — The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. La interfaz gráfica de usuario (GUI) Administration en el Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no ... • http://secunia.com/advisories/58400 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3279
https://notcve.org/view.php?id=CVE-2014-3279
29 May 2014 — The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers to enumerate account names via a crafted URL, aka Bug IDs CSCun39631 and CSCun39643. La interfaz gráfica de usuario (GUI) Administration en el Framewrok web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores no implementa debidamente control de acceso, lo que permite a atacantes re... • http://secunia.com/advisories/58400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3282
https://notcve.org/view.php?id=CVE-2014-3282
29 May 2014 — The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930. La interfaz gráfica de usuario (GUI) Administration en el Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores... • http://secunia.com/advisories/58400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3283
https://notcve.org/view.php?id=CVE-2014-3283
29 May 2014 — Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. Vulnerabilidad de redirección abierta en aplicaciones Self-Care Client Portal en el Framework web en VOSS en Cisco Unified Communications Domain Manager (CDM) 9.0(.1) y anteriores permite a atacantes remoto... • http://secunia.com/advisories/58400 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2104
https://notcve.org/view.php?id=CVE-2014-2104
02 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. Múltiples vulnerabilidades de XSS en la página Business Voice Services Manager (BVSM) en Cisco Unified Communications Domain Manager 9.0(.1) permiten a atacantes remotos inyectar script Web o HTML arb... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5517
https://notcve.org/view.php?id=CVE-2013-5517
02 Oct 2013 — SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. Vulnerabilidad de inyeccion SQL en Cisco Unified Communications Domain Manage permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a traves de una URL manipulada. También conocido como Bug ID CSCuh96567. • http://osvdb.org/98019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3418
https://notcve.org/view.php?id=CVE-2013-3418
11 Jul 2013 — Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. Cisco Unified Communications Domain Manager no reserva correctamente memoria para peticiones GET y POST, lo que permite a usuarios autenticados de forma remota causar una denegación de servicios (consumo de memoria y caída de ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3418 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1132
https://notcve.org/view.php?id=CVE-2013-1132
10 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified Communications Domain Manager, permite a atacante... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •