R-336: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logo


 
12-24-2007

Cisco CallManager and Unified Communications Manager are vulnerable to cross-site scripting (XSS) and SQL injection attacks through the lang variable of the admin and user logon pages. The risk is MEDIUM. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.

