S-189: SQL Injectionin Cisco Unified Communications Manager


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-189: SQL Injectionin Cisco Unified Communications Manager
# 1  
Old 02-15-2008
S-189: SQL Injectionin Cisco Unified Communications Manager

Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The risk is LOW. An authenticated attacker may be able to exploit this vulnerability to extract records from the Cisco Unified Communications Manager database. A successful attack might retrieve sensitive data such as user names, passwords hashes, and information from call records. An attacker cannot use this vulnerability to alter or delete call record information from the database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
Patch(3pm)						User Contributed Perl Documentation						Patch(3pm)

NAME
Text::Patch - Patches text with given patch SYNOPSIS
use Text::Patch; $output = patch( $source, $diff, STYLE => "Unified" ); use Text::Diff; $src = ... $dst = ... $diff = diff( $src, $dst, { STYLE => 'Unified' } ); $out = patch( $src, $diff, { STYLE => 'Unified' } ); print "Patch successful" if $out eq $dst; DESCRIPTION
Text::Patch combines source text with given diff (difference) data. Diff data is produced by Text::Diff module or by the standard diff utility (man diff, see -u option). patch( $source, $diff, options... ) First argument is source (original) text. Second is the diff data. Third argument can be either hash reference with options or all the rest arguments will be considered patch options: $output = patch( $source, $diff, STYLE => "Unified", ... ); $output = patch( $source, $diff, { STYLE => "Unified", ... } ); Options are: STYLE => 'Unified' STYLE can be "Unified", "Context" or "OldStyle". The 'Unified' diff format looks like this: @@ -1,7 +1,6 @@ -The Way that can be told of is not the eternal Way; -The name that can be named is not the eternal name. The Nameless is the origin of Heaven and Earth; -The Named is the mother of all things. +The named is the mother of all things. + Therefore let there always be non-being, so we may see their subtlety, And let there always be being, @@ -9,3 +8,6 @@ The two are the same, But after they are produced, they have different names. +They both may be called deep and profound. +Deeper and more profound, +The door of all subtleties! TODO
Interfaces with files, arrays, etc. AUTHOR
Vladi Belperchinov-Shabanski "Cade" <cade@biscom.net> <cade@datamax.bg> <cade@cpan.org> http://cade.datamax.bg VERSION
$Id: Patch.pm,v 1.6 2007/04/07 19:57:41 cade Exp $ perl v5.10.1 2010-10-04 Patch(3pm)