Page 6 of 44 results (0.029 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76314. • http://secunia.com/advisories/59727 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317 http://tools.cisco.com/security/center/viewAlert.x?alertId=34898 http://www.securityfocus.com/bid/68481 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. Vulnerabilidad de salto de directorio en Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CM) 10.0(1) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup57676. • http://secunia.com/advisories/59734 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319 http://tools.cisco.com/security/center/viewAlert.x?alertId=34909 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94436 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. Vulnerabilidad de salto de directorio en dna/viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76318. • http://secunia.com/advisories/59728 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318 http://tools.cisco.com/security/center/viewAlert.x?alertId=34897 http://www.securityfocus.com/bid/68482 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94433 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297. Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados evadir las restricciones de subida a través de un parámetro manipulado, también conocido como Bug ID CSCup76297. • http://secunia.com/advisories/59730 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316 http://tools.cisco.com/security/center/viewAlert.x?alertId=34899 http://www.securityfocus.com/bid/68479 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94429 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308. Vulnerabilidad de XSS en viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCup76308. • http://secunia.com/advisories/59739 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315 http://tools.cisco.com/security/center/viewAlert.x?alertId=34900 http://www.securityfocus.com/bid/68477 https://exchange.xforce.ibmcloud.com/vulnerabilities/94430 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •