CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15987 – Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15987
26 Nov 2019 — A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the u... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 16%CPEs: 63EXPL: 0CVE-2017-6753
https://notcve.org/view.php?id=CVE-2017-6753
25 Jul 2017 — A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defec... • http://www.securityfocus.com/bid/99614 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2199
https://notcve.org/view.php?id=CVE-2014-2199
20 May 2014 — meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. meetinginfo.do en Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Ce... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6966
https://notcve.org/view.php?id=CVE-2013-6966
17 Dec 2013 — Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. Vulnerabilidad de redirección abierta en Cisco WebEx Training Center que permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados, también conocido como Bug ID CSCul36031. • http://osvdb.org/100909 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6709
https://notcve.org/view.php?id=CVE-2013-6709
14 Dec 2013 — The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. El componente de registro en Cisco WebEx Training Center proporciona la URL de capacitación de sesión antes de que se complete el pago, que permite a atacantes remotos evitar las restricciones de acceso previstos y unirse a u... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6710
https://notcve.org/view.php?id=CVE-2013-6710
14 Dec 2013 — Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. Vulnerabilidad Cross-site requets forgery (CSRF) en Cisco WeBeX Training Center permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos, tambien conocido como Bug ID CSCul25567. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6963
https://notcve.org/view.php?id=CVE-2013-6963
14 Dec 2013 — Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. Vulnerabilidad de XSS en el componente de registro en Cisco WebEx Training Center permite a atacantes remotos inyectar script web o HTML arbitrario a través de una URL manipulada, también conocido como Bug ID CSCul36207. • http://osvdb.org/100907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6965
https://notcve.org/view.php?id=CVE-2013-6965
14 Dec 2013 — The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. El componente de registro en Cisco WebEx Training Center proporciona la URL de sesión antes de que se complete la confirmación por e-mail, lo que permite a atacantes remotos evitar las restricciones de acceso prev... • http://osvdb.org/100911 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6968
https://notcve.org/view.php?id=CVE-2013-6968
14 Dec 2013 — Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. Cisco WebEx Training Center proporciona diferentes mensajes de error en intentos de registro dependiendo si la dirección de e-mail existe, lo que permite a atacantes remotos enumerar asistentes a través de una serie de peticiones, también conocido como Bug ID CSCul36003. • http://osvdb.org/100913 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6969
https://notcve.org/view.php?id=CVE-2013-6969
14 Dec 2013 — The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. La página training-registration en Cisco WebEx Training Center permite a atacantes remotos modificar campos no especificados a través de vectores desconocidos, también conocido como Bug ID CSCul35990. • http://osvdb.org/101003 • CWE-20: Improper Input Validation •