CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2011-2561
https://notcve.org/view.php?id=CVE-2011-2561
29 Aug 2011 — The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. El proceso SIP en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v7.x antes de v... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 46EXPL: 0CVE-2011-1605
https://notcve.org/view.php?id=CVE-2011-1605
03 May 2011 — Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes d... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html •
CVSS: 8.8EPSS: 0%CPEs: 45EXPL: 1CVE-2011-1609 – Cisco Unified Communications Manager 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2011-1609
03 May 2011 — SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5... • https://www.exploit-db.com/exploits/35672 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 47EXPL: 0CVE-2011-1604
https://notcve.org/view.php?id=CVE-2011-1604
03 May 2011 — Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 45EXPL: 0CVE-2011-1606
https://notcve.org/view.php?id=CVE-2011-1606
03 May 2011 — Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de ... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html •
CVSS: 6.5EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1607
https://notcve.org/view.php?id=CVE-2011-1607
03 May 2011 — Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su3, 7.x antes de 7.1 (5b) SU... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 74%CPEs: 48EXPL: 0CVE-2011-1610 – Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2011-1610
28 Apr 2011 — Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. Múltiples vulnerabilidades de inyección SQL en xmldirectorylist.jsp incrustado en el componente del Servidor Apache H... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 43EXPL: 4CVE-2010-3039 – Cisco Unified Communications Manager 8.0 - Invalid Argument Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3039
09 Nov 2010 — /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. /usr/local/cm/bin/pktCap_protectData en Cisco Unified Communications Manager (también conocido como CUCM, formerly CallManager) v6, v7, y v8 permite a adminitradores autenticados remotamente ejecutar código ... • https://www.exploit-db.com/exploits/34954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 235EXPL: 0CVE-2010-2834
https://notcve.org/view.php?id=CVE-2010-2834
23 Sep 2010 — Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1, Cisco IOS XE v2.5.x y v2.6.x anterior a v2.6.1, y Cis... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml •
CVSS: 7.8EPSS: 0%CPEs: 232EXPL: 0CVE-2010-2835
https://notcve.org/view.php?id=CVE-2010-2835
23 Sep 2010 — Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358. Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml •