Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-189: SQL Injectionin Cisco Unified Communications Manager

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-189: SQL Injectionin Cisco Unified Communications Manager
# 1  
Old 02-15-2008
S-189: SQL Injectionin Cisco Unified Communications Manager
Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The risk is LOW. An authenticated attacker may be able to exploit this vulnerability to extract records from the Cisco Unified Communications Manager database. A successful attack might retrieve sensitive data such as user names, passwords hashes, and information from call records. An attacker cannot use this vulnerability to alter or delete call record information from the database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

cvm-pgsql

cvm-pgsql(8)						      System Manager's Manual						      cvm-pgsql(8)

NAME

       cvm-pgsql - PgSQL module

SYNOPSIS

       cvm-pgsql

CREDENTIALS

       Pass phrase

DESCRIPTION

       This module queries a PgSQL database for the account name, compares the stored pass phrase with the given one using crypt(3).

CONFIGURATION VARIABLES

       The server hostname, port, database, username, password, and additional options can be controlled by setting $PGHOST, $PGPORT, $PGDATABASE,
       $PGUSER, $PGPASSWORD, and $PGOPTIONS respectively, which are parsed by the PgSQL client library.

       CVM_MYSQL_POSTQ (optional)
	      The SQL query to execute after the credentials have been validated, see cvm-sql(7).

       CVM_PGSQL_PWCMP (optional)
	      The password comparison module to use.

       CVM_PGSQL_QUERY (optional)
	      The SQL query to issue to retrieve the row containing the account information from the database.

SEE ALSO

       cvm-sql(7), cvm-mysql(8), cvm-pwfile(8), cvm-qmail(8), cvm-unix(8), cvm-vmailmgr(8),  cvm-benchclient(8),  cvm-checkpassword(8),  cvm-test-
       client(8)

	http://untroubled.org/pwcmp/pwcmp.html
	http://untroubled.org/cvm/cvm.html

																      cvm-pgsql(8)