Vulnerabilities > Cisco > Unified Presence Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-25 | CVE-2015-4220 | Cross-site Scripting vulnerability in Cisco Unified Presence Server 9.1(1) Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | 4.3 |
| 2014-08-12 | CVE-2014-3339 | SQL Injection vulnerability in Cisco products Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | 6.5 |
| 2014-07-26 | CVE-2014-3328 | Resource Exhaustion vulnerability in Cisco Unified Presence Server The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | 5.0 |
| 2013-12-31 | CVE-2013-6983 | SQL Injection vulnerability in Cisco Unified Presence Server SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | 6.5 |
| 2013-05-10 | CVE-2013-1242 | Resource Management Errors vulnerability in Cisco Unified Presence Server Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. | 5.0 |
| 2013-02-27 | CVE-2013-1137 | Buffer Errors vulnerability in Cisco Unified Presence Server 8.6/9.0/9.1 Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930. | 7.8 |
| 2011-08-29 | CVE-2011-1643 | Information Exposure vulnerability in Cisco products Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | 10.0 |
| 2010-08-26 | CVE-2010-2840 | Improper Input Validation vulnerability in Cisco Unified Presence Server The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629. | 7.8 |
| 2010-08-26 | CVE-2010-2839 | Resource Management Errors vulnerability in Cisco Unified Presence Server SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474. | 7.8 |
| 2009-10-16 | CVE-2009-2874 | Denial of Service vulnerability in Cisco Unified Presence TimesTenD Process The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. | 7.8 |