Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo
# 1  
Old 12-24-2007
R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo
Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Discussion started by: crombiecrunch
0 Replies

2. Shell Programming and Scripting

SQL Injection Detection

I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line: benchmark union information_schema drop truncate group_concat into file case hex lpad group order having insert union select from (12 Replies)
Discussion started by: koutroul
12 Replies
Login or Register to Ask a Question

LEARN ABOUT OSX

sql::translator::parser::dbix::class

SQL::Translator::Parser::DBIx::Class(3) 		User Contributed Perl Documentation		   SQL::Translator::Parser::DBIx::Class(3)

NAME

       SQL::Translator::Parser::DBIx::Class - Create a SQL::Translator schema from a DBIx::Class::Schema instance

SYNOPSIS

	## Via DBIx::Class
	use MyApp::Schema;
	my $schema = MyApp::Schema->connect("dbi:SQLite:something.db");
	$schema->create_ddl_dir();
	## or
	$schema->deploy();

	## Standalone
	use MyApp::Schema;
	use SQL::Translator;

	my $schema = MyApp::Schema->connect;
	my $trans  = SQL::Translator->new (
	     parser	 => 'SQL::Translator::Parser::DBIx::Class',
	     parser_args => {
		 package => $schema,
		 add_fk_index => 0,
		 sources => [qw/
		   Artist
		   CD
		 /],
	     },
	     producer	 => 'SQLite',
	    ) or die SQL::Translator->error;
	my $out = $trans->translate() or die $trans->error;

DESCRIPTION

       This class requires SQL::Translator installed to work.

       "SQL::Translator::Parser::DBIx::Class" reads a DBIx::Class schema, interrogates the columns, and stuffs it all in an $sqlt_schema object.

       Its primary use is in deploying database layouts described as a set of DBIx::Class classes, to a database. To do this, see "deploy" in
       DBIx::Class::Schema.

       This can also be achieved by having DBIx::Class export the schema as a set of SQL files ready for import into your database, or passed to
       other machines that need to have your application installed but don't have SQL::Translator installed. To do this see "create_ddl_dir" in
       DBIx::Class::Schema.

PARSER OPTIONS

   add_fk_index
       Create an index for each foreign key.  Enabled by default, as having indexed foreign key columns is normally the sensible thing to do.

   sources
       Arguments: @class_names

       Limit the amount of parsed sources by supplying an explicit list of source names.

SEE ALSO

       SQL::Translator, DBIx::Class::Schema

AUTHORS

       See "CONTRIBUTORS" in DBIx::Class.

LICENSE

       You may distribute this code under the same terms as Perl itself.

perl v5.16.2							    2012-08-16				   SQL::Translator::Parser::DBIx::Class(3)