Page 13 of 92 results (0.007 seconds)

CVSS: 6.5EPSS: 0%CPEs: 31EXPL: 0

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. Una vulnerabilidad de desvío de autenticación en Cisco WebEx Meetings Server podría permitir que un atacante remoto no autenticado acceda a la información limitada de reuniones en el servidor de Cisco WebEx Meetings. Más información: CSCvd50728. • http://www.securityfocus.com/bid/96918 http://www.securitytracker.com/id/1038040 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. Vulnerabilidad de XML en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado tener acceso de lectura a parte de la información almacenada en el sistema afectado. • http://www.securityfocus.com/bid/96912 http://www.securitytracker.com/id/1038042 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.3EPSS: 87%CPEs: 54EXPL: 0

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex https://www.kb.cert.org/vuls/id/909240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra un usuario administrativo. • http://www.securityfocus.com/bid/95635 http://www.securitytracker.com/id/1037649 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado ver el nombre del dominio completo del servidor de administración de Cisco WebEx. Más información: CSCvb60655. • http://www.securityfocus.com/bid/95639 http://www.securitytracker.com/id/1037648 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •