Computer Security
[EN] securityvulns.ru no-pyccku


Cisco CallManager crossite scripting and SQL injection
updated since 25.05.2007
Published:31.08.2007
Source:
SecurityVulns ID:7740
Type:remote
Threat Level:
5/10
Description:Crossite scripting via /CCMAdmin/serverlist.asp. SQL injection with /CCMUser/logon.asp.
Affected:CISCO : CallManager 4.1
Original documentdocumentElliot Kendall, SQL Injection in Cisco CallManager (31.08.2007)
 documentCISCO, Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page (29.08.2007)
 documentStefan Friedli, Cisco CallManager 4.1 Input Validation Vulnerability (25.05.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod