CVE-2014-0726
https://notcve.org/view.php?id=CVE-2014-0726
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. Vulnerabilidad de inyección SQL en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05326. • http://osvdb.org/103218 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726 http://tools.cisco.com/security/center/viewAlert.x?alertId=32843 http://www.securityfocus.com/bid/65514 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-0728
https://notcve.org/view.php?id=CVE-2014-0728
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. Vulnerabilidad de inyección SQL en la interfaz Java Database en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05313. • http://osvdb.org/103221 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728 http://tools.cisco.com/security/center/viewAlert.x?alertId=32834 http://www.securityfocus.com/bid/65499 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-0724
https://notcve.org/view.php?id=CVE-2014-0724
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. La interfaz Bulk Administration en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos evadir la autenticación y leer archivos arbitrarios mediante el uso de una petición no especificada, también conocido como Bug ID CSCum05340. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724 http://tools.cisco.com/security/center/viewAlert.x?alertId=32825 • CWE-20: Improper Input Validation •
CVE-2014-0686
https://notcve.org/view.php?id=CVE-2014-0686
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. Cisco Unified Communications Manager (también conocido como Unified CM) 9.1 (2.10000.28) y anteriores permite a usuarios locales obtener privilegios mediante el aprovechamiento de los permisos de fichero no correctos, también conocido como Bug IDs CSCul24917 y CSCul24908. • http://osvdb.org/102750 http://secunia.com/advisories/56818 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686 http://tools.cisco.com/security/center/viewAlert.x?alertId=32683 http://www.securityfocus.com/bid/65281 https://exchange.xforce.ibmcloud.com/vulnerabilities/90852 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0657
https://notcve.org/view.php?id=CVE-2014-0657
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. El portal de administración en Cisco Unified Communications Manager (Unified CM) 9.1 (1) y anteriores no maneja apropiadamente las restricciones por rol, lo que permite a usuarios remotos autenticados sortear el control de acceso basado en rol a través de múltiples visitas a la URL "forbidden portal", tambien conocido como Bug ID CSCuj83540. • http://osvdb.org/101800 http://secunia.com/advisories/56368 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657 http://tools.cisco.com/security/center/viewAlert.x?alertId=32341 http://www.securityfocus.com/bid/64690 http://www.securitytracker.com/id/1029571 https://exchange.xforce.ibmcloud.com/vulnerabilities/90120 • CWE-264: Permissions, Privileges, and Access Controls •