CVSS: 7.8EPSS: 1%CPEs: 46EXPL: 0CVE-2009-2864
https://notcve.org/view.php?id=CVE-2009-2864
28 Sep 2009 — Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. Cisco Unified Communications Manager (también conocido como CUCM, antiguamente como CallManager) v5.x anterior a v5.1(3g), v6.x anterior a v6.1(4), v7.0.x anterior a v7.0(2a)su1 y v7.1.x anterior a v7.1(2) permite a usuarios remotos... • http://osvdb.org/58344 •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0026 – Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0026
14 Feb 2008 — SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comand... • https://www.exploit-db.com/exploits/31189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •