Cisco Security Advisories
XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page
Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.
Denial of Service Vulnerabilities in Content Switching Module
The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain two vulnerabilities that can lead to a denial of service (DoS) condition. The first vulnerability exists when processing TCP packets, and the second vulnerability affects devices with service termination enabled.
Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities
Cisco Video Surveillance IP Gateway video encoder and decoder, Services Platform (SP), and Integrated Services Platform (ISP) devices contain authentication vulnerabilities that allow remote users with network connectivity to gain the complete administrative control of vulnerable devices. There are no workarounds for these vulnerabilities.
posted by Fergie @ 9/05/2007 03:00:00 PM
0 Comments:
Post a Comment
<< Home