CVSS: 6.9EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6689
https://notcve.org/view.php?id=CVE-2013-6689
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. Cisco Unified Communications Manager (Unified CM) 9.1 (1) y anteriores permite a usuarios locales eludir los permisos de archivos, y leer, modificar o crear ficheros arbitrariamente, a través de una "sobrecarga" de la utilidad de línea de comandos, también conocido como Bug ID CSCui58229. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689 http://tools.cisco.com/security/center/viewAlert.x?alertId=31758 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6688
https://notcve.org/view.php?id=CVE-2013-6688
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. Vulnerabilidad de salto de directorio en la interfaz license-upload del componente Enterprise License Manager (ELM) de Cisco Unified Communications Manager 9.1(1) y anteriores permite a usuarios remotos autenticados crear archivos arbitrarios a través de rutas diseñadas, también conocido como Bug ID CSCui58222. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5555
https://notcve.org/view.php?id=CVE-2013-5555
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. Cisco Unified Communications Manager (aka CUCM o Unified CM) permite a atacantes remotos provocar una denegación de servicio (reinicio del servicio) a través de un mensaje SIP manipulado, también conocido como Bug ID CSCub54349. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-5528 – Cisco Unified Communications Manager 7/8/9 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-5528
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. Vulnerabilidad de salto de directorio en la interfaz web administrativa de Tomcat en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer archivos arbitrarios a través de secuencias de saltos de directorio en una cadena de entrada no especificada, aka Bug ID CSCui78815. A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected. • https://www.exploit-db.com/exploits/40887 http://osvdb.org/98336 http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528 http://www.securityfocus.com/bid/62960 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5517
https://notcve.org/view.php?id=CVE-2013-5517
SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. Vulnerabilidad de inyeccion SQL en Cisco Unified Communications Domain Manage permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a traves de una URL manipulada. También conocido como Bug ID CSCuh96567. • http://osvdb.org/98019 http://secunia.com/advisories/54847 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5517 http://tools.cisco.com/security/center/viewAlert.x?alertId=31073 http://www.securityfocus.com/bid/62746 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •