cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-15968,https://securityvulnerability.io/vulnerability/CVE-2019-15968,Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Unified Communications Domain Manager,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-05T02:15:45.000Z,,false,false,,2019-11-26T04:15:00.000Z,0
CVE-2019-1911,https://securityvulnerability.io/vulnerability/CVE-2019-1911,Cisco Unified Communications Domain Manager Restricted Shell Escape Vulnerability,"A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges.",Cisco,Cisco Unified Communications Domain Manager,5.3,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:17.000Z,,false,false,,2019-07-06T02:15:00.000Z,0
CVE-2018-0386,https://securityvulnerability.io/vulnerability/CVE-2018-0386,,"A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.",Cisco,Unified Communications Domain Manager Software,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2018-08-15T00:00:00.000Z,0
CVE-2018-0364,https://securityvulnerability.io/vulnerability/CVE-2018-0364,,"A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.",Cisco,Cisco Unified Communications Domain Manager Unknown,8.8,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2018-06-21T11:00:00.000Z,0
CVE-2018-0124,https://securityvulnerability.io/vulnerability/CVE-2018-0124,,"A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964.",Cisco,Cisco Unified Communications Domain Manager,9.8,CRITICAL,0.01840999908745289,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2017-6668,https://securityvulnerability.io/vulnerability/CVE-2017-6668,,"Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.",Cisco,Cisco Unified Communications Domain Manager,4.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2017-6670,https://securityvulnerability.io/vulnerability/CVE-2017-6670,,"A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1.",Cisco,Cisco Unified Communications Domain Manager,6.1,MEDIUM,0.001339999958872795,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0
CVE-2016-1354,https://securityvulnerability.io/vulnerability/CVE-2016-1354,,"Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.",Cisco,Unified Communications Domain Manager,6.1,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2016-03-03T15:00:00.000Z,0
CVE-2015-6422,https://securityvulnerability.io/vulnerability/CVE-2015-6422,,"The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.",Cisco,Unified Communications Domain Manager,,,0.0021800000686198473,false,,false,false,false,,,false,false,,2015-12-14T02:00:00.000Z,0
CVE-2015-4196,https://securityvulnerability.io/vulnerability/CVE-2015-4196,,"Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.",Cisco,Unified Communications Domain Manager,,,0.0016400000313296914,false,,false,false,false,,,false,false,,2015-07-04T10:00:00.000Z,0
CVE-2015-4229,https://securityvulnerability.io/vulnerability/CVE-2015-4229,,"The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.",Cisco,Unified Communications Domain Manager,,,0.001129999989643693,false,,false,false,false,,,false,false,,2015-06-30T10:00:00.000Z,0
CVE-2015-0699,https://securityvulnerability.io/vulnerability/CVE-2015-0699,,"SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.",Cisco,Unified Communications Domain Manager,,,0.001069999998435378,false,,false,false,false,,,false,false,,2015-04-15T10:00:00.000Z,0
CVE-2015-0683,https://securityvulnerability.io/vulnerability/CVE-2015-0683,,"Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.",Cisco,Unified Communications Domain Manager,,,0.0010100000072270632,false,,false,false,false,,,false,false,,2015-04-03T10:00:00.000Z,0
CVE-2015-0684,https://securityvulnerability.io/vulnerability/CVE-2015-0684,,"SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.",Cisco,Unified Communications Domain Manager,,,0.0009899999713525176,false,,false,false,false,,,false,false,,2015-04-03T10:00:00.000Z,0
CVE-2015-0682,https://securityvulnerability.io/vulnerability/CVE-2015-0682,,"Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a ""deprecated page,"" aka Bug ID CSCup90168.",Cisco,Unified Communications Domain Manager,,,0.002050000010058284,false,,false,false,false,,,false,false,,2015-04-03T10:00:00.000Z,0
CVE-2015-0588,https://securityvulnerability.io/vulnerability/CVE-2015-0588,,"Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.",Cisco,Unified Communications Domain Manager,,,0.0026599999982863665,false,,false,false,false,,,false,false,,2015-01-15T22:00:00.000Z,0
CVE-2015-0591,https://securityvulnerability.io/vulnerability/CVE-2015-0591,,"Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.",Cisco,Unified Communications Domain Manager,,,0.0037899999879300594,false,,false,false,false,,,false,false,,2015-01-15T22:00:00.000Z,0
CVE-2014-8020,https://securityvulnerability.io/vulnerability/CVE-2014-8020,,"Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276.",Cisco,Unified Communications Domain Manager,,,0.00675999978557229,false,,false,false,false,,,false,false,,2015-01-10T02:00:00.000Z,0
CVE-2014-8018,https://securityvulnerability.io/vulnerability/CVE-2014-8018,,"Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.",Cisco,Unified Communications Domain Manager,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2014-12-22T19:00:00.000Z,0
CVE-2014-8010,https://securityvulnerability.io/vulnerability/CVE-2014-8010,,"The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.",Cisco,Unified Communications Domain Manager,,,0.001769999973475933,false,,false,false,false,,,false,false,,2014-12-10T21:00:00.000Z,0
CVE-2014-3380,https://securityvulnerability.io/vulnerability/CVE-2014-3380,,"Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063.",Cisco,Unified Communications Domain Manager Platform,,,0.01355000026524067,false,,false,false,false,,,false,false,,2014-09-24T00:00:00.000Z,0
CVE-2014-3339,https://securityvulnerability.io/vulnerability/CVE-2014-3339,,"Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.",Cisco,"Unified Communications Domain Manager,Unified Presence Server",,,0.0029800001066178083,false,,false,false,false,,,false,false,,2014-08-12T23:55:00.000Z,0
CVE-2014-3337,https://securityvulnerability.io/vulnerability/CVE-2014-3337,,"The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.",Cisco,Unified Communications Domain Manager,,,0.01042999979108572,false,,false,false,false,,,false,false,,2014-08-12T22:00:00.000Z,0
CVE-2014-3320,https://securityvulnerability.io/vulnerability/CVE-2014-3320,,"Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.",Cisco,Unified Communications Domain Manager,,,0.0015300000086426735,false,,false,false,false,,,false,false,,2014-07-18T01:00:00.000Z,0
CVE-2014-3300,https://securityvulnerability.io/vulnerability/CVE-2014-3300,,"The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.",Cisco,"Unified Communications Domain Manager,Unified Cdm Application Software",,,0.3403399884700775,false,,false,false,false,,,false,false,,2014-07-07T10:00:00.000Z,0