4 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. Cisco IP Communicator 8.6(4) permite a atacantes remotos causar una denegación de servicio (interrupción de servicio) a través de una URL no especificada en una solicitud GET, también conocido como Bug ID CSCuu37656. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39623 http://www.securitytracker.com/id/1032807 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. Cisco IP Communicator v8.6 permite un ataque man-in-the-middle modificar la lista de certificados de confianza a través de vectores no especificados, también conocido como Bug ID CSCtz01471. • http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. El componente de protocolo SCCP de Cisco IP Communicator (CIPC) v7.0 a v8.6 no limita la velocidad de mensajes SCCP de Cisco Unified Communications Manager (CUCM), lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores que se disparan mensajes gancho de (1) dentro o (2) fuera, como lo demuestra un auricular de Plantronics, también conocido como Bug ID CSCti40315. • http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html http://www.securitytracker.com/id?1027013 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 40EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en (1) PreSearch.html y (2) PreSearch.class en Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks y productos relacionados, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), y Wireless Control System (WCS) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de campos de texto de un formulario de búsqueda. • http://secunia.com/advisories/24499 http://securityreason.com/securityalert/2437 http://www.cisco.com/en/US/products/products_security_response09186a0080803fe4.html http://www.securityfocus.com/archive/1/462932/100/0/threaded http://www.securityfocus.com/archive/1/462944/100/0/threaded http://www.securityfocus.com/bid/22982 http://www.securitytracker.com/id?1017778 http://www.vupen.com/english/advisories/2007/0973 https://exchange.xforce.ibmcloud.com/vulnerabilities/33024 •