CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8018
https://notcve.org/view.php?id=CVE-2014-8018
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. Múltiples vulnerabilidades XSS en BetkQ Access Manager (NAM) 4.x anterior a 4.1 permite a atacantes remotos inyectar scripts o HTML arbitrario mediante (1) un parámetro arbitrario hacia roma/jsp/debug/debug.jsp o (2) un parámetro arbitrario en la acción debug.DumpAll hacia nps/servlet/webacc, un problema distinto de CVE-2014-5216. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018 http://www.securityfocus.com/bid/71771 http://www.securitytracker.com/id/1031424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8010
https://notcve.org/view.php?id=CVE-2014-8010
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. El Framework web en Cisco Unified Communications Domain Manager 8 permite a administradores remotos autenticados ejecutar comandos OS arbitrarios a través de valores manipulados, también conocido como Bug ID CSCuq50205. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010 http://www.securitytracker.com/id/1031339 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3380
https://notcve.org/view.php?id=CVE-2014-3380
Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. Cisco Unified Communications Domain Manager Platform Software 4.4(.3) y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío rápido de paquetes TCP manipulados, también conocido como Bug ID CSCuo42063. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3380 http://tools.cisco.com/security/center/viewAlert.x?alertId=35803 http://www.securityfocus.com/bid/70044 http://www.securitytracker.com/id/1030885 https://exchange.xforce.ibmcloud.com/vulnerabilities/96146 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3339
https://notcve.org/view.php?id=CVE-2014-3339
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. Múltiples vulnerabilidades de inyección SQL en la interfaz del web de administración en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de entradas manipuladas en páginas no especificadas, también conocido como Bug ID CSCup74290. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339 http://www.securityfocus.com/bid/69200 https://exchange.xforce.ibmcloud.com/vulnerabilities/95250 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3337
https://notcve.org/view.php?id=CVE-2014-3337
The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. La implementación SIP en Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores permite a usuarios remotos autenticados causar una denegación de servicio (caída del proceso) a través de un mensaje SIP manipulado que no se maneja debidamente durante el procesamiento de un documento XML, también conocido como Bug ID CSCtq76428. • http://secunia.com/advisories/60088 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3337 http://tools.cisco.com/security/center/viewAlert.x?alertId=35257 http://www.securityfocus.com/bid/69177 http://www.securitytracker.com/id/1030709 https://exchange.xforce.ibmcloud.com/vulnerabilities/95245 • CWE-20: Improper Input Validation •