CVE-2015-0668
https://notcve.org/view.php?id=CVE-2015-0668
Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. Vulnerabilidad XSS en el portal de administración de Cisco WebEx Meetings Server 2.5 y 2.5.99.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuq66737. • http://tools.cisco.com/security/center/viewAlert.x?alertId=37934 http://www.securitytracker.com/id/1031968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0589
https://notcve.org/view.php?id=CVE-2015-0589
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. La interfaz web administrativa en Cisco WebEx Meetings Server 1.0 hasta 1.5 permite a usuarios remotos autenticados ejecutar comandos del sistema operativo arbitrarios con privilegios root a través de campos especificados, también conocido como Bug ID CSCuj40460. • http://secunia.com/advisories/62799 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx http://www.securityfocus.com/bid/72493 http://www.securitytracker.com/id/1031692 https://exchange.xforce.ibmcloud.com/vulnerabilities/100719 • CWE-20: Improper Input Validation •
CVE-2015-0595
https://notcve.org/view.php?id=CVE-2015-0595
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. La API XMLen Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de mensajes de retorno de solicitudes GET manipulados, también conocido como Bug ID CSCuj67079. • http://secunia.com/advisories/62686 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0595 http://tools.cisco.com/security/center/viewAlert.x?alertId=37238 http://www.securityfocus.com/bid/72370 http://www.securitytracker.com/id/1031676 https://exchange.xforce.ibmcloud.com/vulnerabilities/100667 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0597
https://notcve.org/view.php?id=CVE-2015-0597
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. La característica Forgot Password en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos enumerar las cuentas administrativas a través de paquetes manipulados, también conocido como Bug IDs CSCuj67166 y CSCuj67159. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597 http://tools.cisco.com/security/center/viewAlert.x?alertId=37240 http://www.securityfocus.com/bid/72373 http://www.securitytracker.com/id/1031678 https://exchange.xforce.ibmcloud.com/vulnerabilities/100658 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0596
https://notcve.org/view.php?id=CVE-2015-0596
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Vulnerabilidad de CSRF en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuj67163. • http://secunia.com/advisories/61797 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596 http://tools.cisco.com/security/center/viewAlert.x?alertId=37239 http://www.securityfocus.com/bid/72371 http://www.securitytracker.com/id/1031677 https://exchange.xforce.ibmcloud.com/vulnerabilities/100665 • CWE-352: Cross-Site Request Forgery (CSRF) •