CVE-2016-6427
https://notcve.org/view.php?id=CVE-2016-6427
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. Vulnerabilidad de CSRF en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se usa en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, vulnerabilidad también conocida como Bug IDs CSCuy75036 y CSCuy81654. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3 http://www.securityfocus.com/bid/93418 http://www.securitytracker.com/id/1036953 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-6426
https://notcve.org/view.php?id=CVE-2016-6426
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. La función j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versión 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versión 11.0(1), permite a atacantes remotos crear cuentas de usuario visitando una página web no especificada, vulnerabilidad también conocida como IDs CSCuy75027 y CSCuy81653. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2 http://www.securityfocus.com/bid/93420 http://www.securitytracker.com/id/1036952 • CWE-20: Improper Input Validation •
CVE-2016-1298
https://notcve.org/view.php?id=CVE-2016-1298
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. Múltiples vulnerabilidades de XSS en Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1) y 11.0(1) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con enlaces permanentes, también conocido como Bug ID CSCux92033. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce http://www.securitytracker.com/id/1034828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2583
https://notcve.org/view.php?id=CVE-2011-2583
Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. Cisco Unified Contact Center Express (también conocido como CCX) v8.0 y v8.5, permite a atacantes remotos causar una denegación de servicio a través de tráfico de la red, como lo demuestra un caso de prueba SEC-BE-STABLE, también conocido como Bug ID CSCth33834. • http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/release/guide/uccx851rn.pdf http://www.securitytracker.com/id?1027009 https://exchange.xforce.ibmcloud.com/vulnerabilities/75339 • CWE-20: Improper Input Validation •
CVE-2010-1570
https://notcve.org/view.php?id=CVE-2010-1570
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message. El componente computer telephony integration (CTI) server en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y v7.0(2), v6.0 anterior v6.0(1)SR1, y v5.0 anteior v5.0(2)SR3 permite a atacantes remotos causar una denegación de servicio (CTI server and Node Manager failure) a través de un mensaje CTI malformado. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml http://www.securityfocus.com/bid/40684 http://www.securitytracker.com/id?1024081 https://exchange.xforce.ibmcloud.com/vulnerabilities/59276 •