CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3318
https://notcve.org/view.php?id=CVE-2014-3318
10 Jul 2014 — Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318. Vulnerabilidad de salto de directorio en dna/viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido... • http://secunia.com/advisories/59728 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0740
https://notcve.org/view.php?id=CVE-2014-0740
27 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. Vulnerabilidad de CSRF en la interfaz Call Detail Records Analysis and Reporting (CAR) en el componente OS Administration en Cisco Unified Communicat... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0741
https://notcve.org/view.php?id=CVE-2014-0741
27 Feb 2014 — The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. La funcionalidad certificate-import en la implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitra... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741 • CWE-310: Cryptographic Issues •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0742
https://notcve.org/view.php?id=CVE-2014-0742
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. La implementación Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gestión CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0743
https://notcve.org/view.php?id=CVE-2014-0743
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468. El componente Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos evadir autenticación y modificar información de dispositivo registrado a través de datos m... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0747
https://notcve.org/view.php?id=CVE-2014-0747
27 Feb 2014 — The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. La implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales inyectar comandos a través de programas CAPF no especificados, también conocido como Bug ID CSCum95493. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0731
https://notcve.org/view.php?id=CVE-2014-0731
22 Feb 2014 — The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. La administración del interfaz en Cisco Unified Communications Manager (Unified CM) 10.0(1) y versiones anteriores permite a atacantes remotos eludir la autenticación y leer archivos Java class a través de una petición directa, vulnerabilidad también conocida como Bug ID CSCum46497. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0733
https://notcve.org/view.php?id=CVE-2014-0733
20 Feb 2014 — The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494. El componente Enterprise License Manager (ELM) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores no fuerza debidamente los requisitos de autenticación, lo que permite a atacantes remotos leer archivos ELM a trav... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0732
https://notcve.org/view.php?id=CVE-2014-0732
20 Feb 2014 — The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495. La aplicación web Real Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores no fuerza los requisitos de autenticación, lo que permite a atacantes remotos leer archivos de a... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0734
https://notcve.org/view.php?id=CVE-2014-0734
20 Feb 2014 — SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483. Vulnerabilidad de inyección SQL en la implementación Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •