R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Tags

Special Forums Cybersecurity Security Advisories (RSS) R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

12-24-2007

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo

Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability...

2. Shell Programming and Scripting

SQL Injection Detection

I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line: benchmark union information_schema drop truncate group_concat into file case hex lpad group order having insert union select from

LEARN ABOUT DEBIAN

sql::reservedwords

SQL::ReservedWords(3pm) 				User Contributed Perl Documentation				   SQL::ReservedWords(3pm)

NAME

       SQL::ReservedWords - Reserved SQL words by ANSI/ISO

SYNOPSIS

	  if ( SQL::ReservedWords->is_reserved( $word ) ) {
	      print "$word is a reserved SQL word!";
	  }

DESCRIPTION

       Determine if words are reserved by ANSI/ISO SQL standard.

METHODS

       is_reserved( $word )
	   Returns a boolean indicating if $word is reserved by either "SQL:1992", "SQL:1999" or "SQL:2003".

       is_reserved_by_sql1992( $word )
	   Returns a boolean indicating if $word is reserved by "SQL:1992".

       is_reserved_by_sql1999( $word )
	   Returns a boolean indicating if $word is reserved by "SQL:1999".

       is_reserved_by_sql2003( $word )
	   Returns a boolean indicating if $word is reserved by "SQL:2003".

       reserved_by( $word )
	   Returns a list with SQL standards that reserves $word.

       words
	   Returns a list with all reserved words.

EXPORTS

       Nothing by default. Following subroutines can be exported:

       is_reserved
       is_reserved_by_sql1992
       is_reserved_by_sql1999
       is_reserved_by_sql2003
       reserved_by
       words

SEE ALSO

       SQL::ReservedWords::DB2

       SQL::ReservedWords::MySQL

       SQL::ReservedWords::ODBC

       SQL::ReservedWords::Oracle

       SQL::ReservedWords::PostgreSQL

       SQL::ReservedWords::SQLite

       SQL::ReservedWords::SQLServer

       ISO/IEC 9075:1992 Database languages -- SQL

       ISO/IEC 9075-2:1999 Database languages -- SQL -- Part 2: Foundation (SQL/Foundation)

       ISO/IEC 9075-2:2003 Database languages -- SQL -- Part 2: Foundation (SQL/Foundation)

AUTHOR

       Christian Hansen "chansen@cpan.org"

COPYRIGHT

       This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.8.8							    2008-03-28						   SQL::ReservedWords(3pm)

Security Advisories (RSS)