Download
| Alert*
|
CVE-2016-1410
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. CVE-2014-2199 meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive ... CVE-2014-3310 The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. CVE-2014-3311 Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. CVE-2013-6960 Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. CVE-2013-6970 Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. CVE-2013-6964 Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. CVE-2013-6962 Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. CVE-2013-6961 Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. CVE-2015-0590 Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. CVE-2015-0583 Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. CVE-2015-4207 Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. CVE-2015-4208 Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. CVE-2015-4209 Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. CVE-2015-4194 The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information ... CVE-2015-4210 Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. CVE-2015-4212 Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. |
