NotCVE - vendor:"Cisco" product:"Unified Communications Manager" version:"9.9\(9\)st1.9"

Page 4 of 36 results (0.003 seconds)

CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2014-0734

https://notcve.org/view.php?id=CVE-2014-0734

20 Feb 2014 — SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. Vulnerabilidad de inyección SQL en la implementación Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2014-0735

https://notcve.org/view.php?id=CVE-2014-0735

20 Feb 2014 — Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470. Vulnerabilidad de XSS en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de una URL manipulada, también co... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2014-0736

https://notcve.org/view.php?id=CVE-2014-0736

20 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468. Vulnerabilidad de CSRF en la página Call Detail Records Analysis and Reporting (CAR) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos secues... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-0724

https://notcve.org/view.php?id=CVE-2014-0724

13 Feb 2014 — The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. La interfaz Bulk Administration en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos evadir la autenticación y leer archivos arbitrarios mediante el uso de una petición no especificada, también conocido como Bug ID CSCum05340. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-0726

https://notcve.org/view.php?id=CVE-2014-0726

13 Feb 2014 — SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. Vulnerabilidad de inyección SQL en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum053... • http://osvdb.org/103218 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-0728

https://notcve.org/view.php?id=CVE-2014-0728

13 Feb 2014 — SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. Vulnerabilidad de inyección SQL en la interfaz Java Database en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05313. • http://osvdb.org/103221 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4