 |
|
|
|
| Многочисленные уязвимости безопасности в Cisco Unified MeetingPlace | | Опубликовано: |  | 28 января 2010 г. | | Источник: |  | BUGTRAQ | | SecurityVulns ID: |  | 10566 | | Тип: |  | удаленная | | Опасность: |  | 6/10 | | Описание: |  | SQL-инъекция, несанкционированный доступ, утечка информации, повышение привилегий. |
| Затронутые продукты: |  | CISCO : Unified MeetingPlace 5 | | | | CISCO : Unified MeetingPlace 6 | | | | CISCO : Unified MeetingPlace 7 | | CVE: |  | CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530.) | | | | CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.) | | | | CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.) | | | | CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.) |
|
|
|
|
|
|
|
|
