CVSS: 9.8EPSS: 2%CPEs: 48EXPL: 0CVE-2011-1610 – Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2011-1610
28 Apr 2011 — Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. Múltiples vulnerabilidades de inyección SQL en xmldirectorylist.jsp incrustado en el componente del Servidor Apache H... • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 2%CPEs: 43EXPL: 4CVE-2010-3039 – Cisco Unified Communications Manager 8.0 - Invalid Argument Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3039
09 Nov 2010 — /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. /usr/local/cm/bin/pktCap_protectData en Cisco Unified Communications Manager (también conocido como CUCM, formerly CallManager) v6, v7, y v8 permite a adminitradores autenticados remotamente ejecutar código ... • https://www.exploit-db.com/exploits/34954 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 235EXPL: 0CVE-2010-2834
https://notcve.org/view.php?id=CVE-2010-2834
23 Sep 2010 — Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1, Cisco IOS XE v2.5.x y v2.6.x anterior a v2.6.1, y Cis... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml •
CVSS: 7.8EPSS: 0%CPEs: 232EXPL: 0CVE-2010-2835
https://notcve.org/view.php?id=CVE-2010-2835
23 Sep 2010 — Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358. Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2010-2837
https://notcve.org/view.php?id=CVE-2010-2837
26 Aug 2010 — The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310. La implementación SIPStationInit en Cisco Unified Communications Manager (también conocida como CUCM, anteriormente CallManager) v6.1SU anterior a v6.1(5)SU1, v7.0SU a... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2010-2838
https://notcve.org/view.php?id=CVE-2010-2838
26 Aug 2010 — The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305. La implementación SendCombinedStatusInfo en Cisco Unified Communications Manager (también conocido como CUCM, antes CallManager) v7.0SU anterior a v7.0(2a)SU3, v7.1 anterior v7.1(5), y v8.0 anterior ... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2010-0587
https://notcve.org/view.php?id=CVE-2010-0587
05 Mar 2010 — Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985. Cisco Unified Communications Manager (tambien conocido como CUCM, anteriormente CallManager) v4.x anteriores a v4.3(2)SR2, v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3a)su1,... • http://securitytracker.com/id?1023670 •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2010-0588
https://notcve.org/view.php?id=CVE-2010-0588
05 Mar 2010 — Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823. Cisco Unified Communications Manager (también conocido como CUCM, antes CallManager) v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3a)su1, y v8.x anteriores a v8.0(1) permite a ataca... • http://securitytracker.com/id?1023670 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0590
https://notcve.org/view.php?id=CVE-2010-0590
05 Mar 2010 — The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188. El componente CMSIPUtility en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v7.x anteriores a v7.1(3a)su1 y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de ... • http://securitytracker.com/id?1023670 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2010-0591
https://notcve.org/view.php?id=CVE-2010-0591
05 Mar 2010 — Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3b)SU2, y v8.x anteriores a v8.0(1) permite a atacantes r... • http://securitytracker.com/id?1023670 •