Showing 1 - 3 of 3

CVE-2011-1610

Status Candidate

Overview

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

Related Files

Cisco SQL Injection: Posted May 3, 2011; Site vsecurity.com; VSR has provided details for exploitation of a SQL injection vulnerability in the Cisco Unified CM.; tags | exploit, sql injection; systems | cisco; advisories | CVE-2011-1610; SHA-256 | 431609db2a8f65e9c7c940eb4f778ca8b8667fd1087f8395211a97ef55ea6ce0; Download | Favorite | View

Zero Day Initiative Advisory 11-143: Posted Apr 29, 2011; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 11-143 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. The xmldirectorylist.jsp file does not properly validate the f, l, and n parameters before passing them to the database. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database.; tags | advisory, remote, arbitrary, sql injection; systems | cisco; advisories | CVE-2011-1610; SHA-256 | fa308914464bf01926e9a4d4ac3410d95c29f7cd0ee2f39af6da943a997c5e67; Download | Favorite | View

Cisco Security Advisory 20110427-cucm: Posted Apr 28, 2011; Authored by Cisco Systems | Site cisco.com; Cisco Security Advisory - The Cisco Unified Communications Manager (previously known as Cisco CallManager) contains three denial of service, one directory traversal, and two remote SQL injection vulnerabilities. Cisco has released free software updates for affected Cisco Unified Communications Manager versions to address the vulnerabilities. A workaround exists only for the SIP DoS vulnerabilities.; tags | advisory, remote, denial of service, vulnerability, sql injection; systems | cisco; advisories | CVE-2011-1604, CVE-2011-1605, CVE-2011-1606, CVE-2011-1607, CVE-2011-1609, CVE-2011-1610; SHA-256 | 5ae74f0b10827f96802e2977dc8fccc4979630a072e817f89575dcdb335060fa; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2011-1610

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems