New User, Welcome!     Login

Brandeis University

SQL Injection in Cisco CallManager

CallManager server.

CREDITS
=======

Brandeis University worked with Cisco to release this information in a
responsible manner. Cisco has released a Security Advisory on this
issue at:

http://www.cisco.com/warp/public/707/cisco-sa-20070829-ccm.shtml

Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page

The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.

This vulnerability was reported to Cisco independently by Gama SEC and
Elliot Kendall from Brandeis University. We would like to thank Gama
SEC and Elliot Kendall for bringing this issue to our attention and
for working with us toward coordinated disclosure of the issue. We
greatly appreciate the opportunity to work with researchers on security
vulnerabilities, and welcome the opportunity to review and assist in
product reports.

Directory Traversal in SafeNet Sentinel Protection Server and Keys Server

2007-11-26  original release

-- 
Elliot Kendall <ekendall@brandeis.edu>
Network Security Architect
Brandeis University

Trouble replying? See http://people.brandeis.edu/~ekendall/sign/


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!