CVSS: 7.8EPSS: 1%CPEs: 46EXPL: 0CVE-2009-2864
https://notcve.org/view.php?id=CVE-2009-2864
28 Sep 2009 — Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. Cisco Unified Communications Manager (también conocido como CUCM, antiguamente como CallManager) v5.x anterior a v5.1(3g), v6.x anterior a v6.1(4), v7.0.x anterior a v7.0(2a)su1 y v7.1.x anterior a v7.1(2) permite a usuarios remotos... • http://osvdb.org/58344 •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 0CVE-2008-1744
https://notcve.org/view.php?id=CVE-2008-1744
16 May 2008 — The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. El servicio Certificate Authority Proxy Function (CAPF) service de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, y 4.3 versiones anteriores a 4.3(... • http://secunia.com/advisories/30238 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0026 – Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0026
14 Feb 2008 — SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comand... • https://www.exploit-db.com/exploits/31189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 9%CPEs: 6EXPL: 0CVE-2006-5278
https://notcve.org/view.php?id=CVE-2006-5278
15 Jul 2007 — Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. Desbordamiento de entero en Real-Time Information Server (RIS) Data Collector service (RisDC.exe) de Cisco Unified Communications Manager (CUCM, anteriormente denominado CallManager) versiones anteriores a 20070711 permi... • http://secunia.com/advisories/26043 •