R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Tags

Special Forums Cybersecurity Security Advisories (RSS) R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

12-24-2007

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability...

2. Shell Programming and Scripting

SQL Injection Detection

I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line: benchmark union information_schema drop truncate group_concat into file case hex lpad group order having insert union select from

LEARN ABOUT DEBIAN

snmp::info::layer3::ciscofwsm

Info::Layer3::CiscoFWSM(3pm)				User Contributed Perl Documentation			      Info::Layer3::CiscoFWSM(3pm)

NAME

       SNMP::Info::Layer3::CiscoFWSM - SNMP Interface to Firewall Services Modules for features not covered elsewhere.

AUTHOR

       Brian De Wolf

SYNOPSIS

	# Let SNMP::Info determine the correct subclass for you.
	my $fwsm = new SNMP::Info(
			       AutoSpecify => 1,
			       Debug	   => 1,
			       # These arguments are passed directly to SNMP::Session
			       DestHost    => 'myswitch',
			       Community   => 'public',
			       Version	   => 2
			       )
	   or die "Can't connect to DestHost.
";

	my $class      = $fwsm->class();
	print "SNMP::Info determined this device to fall under subclass : $class
";

DESCRIPTION

       Subclass for Cisco Firewall Services Modules

   Inherited Classes
       SNMP::Info::Layer3::Cisco

   Required MIBs
       Inherited Classes' MIBs
	   See "Required MIBs" in SNMP::Info::Layer3::Cisco for its own MIB requirements.

GLOBALS

   Global Methods imported from SNMP::Info::Layer3::Cisco
       See documentation in "GLOBALS" in SNMP::Info::Layer3::Cisco for details.

TABLE METHODS

       These are methods that return tables of information in the form of a reference to a hash.

   Overrides
       $fwsm->at_paddr()
	   This function derives the at_paddr information from the n2p_paddr() table as the MIB to provide that information isn't supported on
	   FWSMs.

       $fwsm->at_netaddr()
	   This function derives the at_netaddr information from the n2p_paddr() table as the MIB to provide that information isn't supported on
	   FWSMs.

       $fwsm->at_ifaddr()
	   This function derives the at_ifaddr information from the n2p_paddr() table as the MIB to provide that information isn't supported on
	   FWSMs.

   Table Methods imported from SNMP::Info::Layer3::Cisco
       See documentation in "TABLE METHODS" in SNMP::Info::Layer3::Cisco for details.

perl v5.12.4							    2011-09-28					      Info::Layer3::CiscoFWSM(3pm)

Security Advisories (RSS)