CVE-2009-2864
https://notcve.org/view.php?id=CVE-2009-2864
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. Cisco Unified Communications Manager (también conocido como CUCM, antiguamente como CallManager) v5.x anterior a v5.1(3g), v6.x anterior a v6.1(4), v7.0.x anterior a v7.0(2a)su1 y v7.1.x anterior a v7.1(2) permite a usuarios remotos provocar una denegación del servicio (reinicio del servicio) a través de mensajes SIP malformados. También conocido como Bug ID CSCsz95423. • http://osvdb.org/58344 http://secunia.com/advisories/36836 http://tools.cisco.com/security/center/viewAlert.x?alertId=18883 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml http://www.securityfocus.com/bid/36496 http://www.securitytracker.com/id?1022931 http://www.vupen.com/english/advisories/2009/2757 https://exchange.xforce.ibmcloud.com/vulnerabilities/53447 •
CVE-2008-0026 – Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro key en las páginas de interfaz de (1) administrador y (2) usuario. • https://www.exploit-db.com/exploits/31189 http://secunia.com/advisories/28932 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml http://www.securityfocus.com/bid/27775 http://www.securitytracker.com/id?1019404 http://www.vupen.com/english/advisories/2008/0542 https://exchange.xforce.ibmcloud.com/vulnerabilities/40484 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-5537
https://notcve.org/view.php?id=CVE-2007-5537
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. Cisco Unified communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegación de servicio (kernel panic) mediante una inundación de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, también conocida como, CSCsi75822. • http://osvdb.org/37941 http://secunia.com/advisories/27296 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml http://www.securityfocus.com/bid/26105 http://www.securitytracker.com/id?1018828 http://www.vupen.com/english/advisories/2007/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/37246 • CWE-399: Resource Management Errors •
CVE-2007-5538
https://notcve.org/view.php?id=CVE-2007-5538
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712. Desbordamiento de búfer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, también conocido como CSCsh47712. • http://osvdb.org/37940 http://secunia.com/advisories/27296 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml http://www.securityfocus.com/bid/26105 http://www.securitytracker.com/id?1018828 http://www.vupen.com/english/advisories/2007/3532 https://exchange.xforce.ibmcloud.com/vulnerabilities/37247 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-5278
https://notcve.org/view.php?id=CVE-2006-5278
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. Desbordamiento de entero en Real-Time Information Server (RIS) Data Collector service (RisDC.exe) de Cisco Unified Communications Manager (CUCM, anteriormente denominado CallManager) versiones anteriores a 20070711 permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados, resultando en un desbordamiento de búfer basado en montículo. • http://secunia.com/advisories/26043 http://securitytracker.com/id?1018369 http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml http://www.iss.net/threats/271.html http://www.osvdb.org/36121 http://www.securityfocus.com/bid/24868 http://www.vupen.com/english/advisories/2007/2512 https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 •