CVE-2010-0140
https://notcve.org/view.php?id=CVE-2010-0140
Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661. Múltiples vulnerabilidades sin especificar en Cisco Unified MeetingPlace v7 en versiones anteriores a v7.0(2.3) arreglo 5F, v6 anteriores a v6.0.639.3, y posiblemente v5 permite a atacantes remotos crear (1) un usuario o (2) cuentas de administrador a través de una URL manipulada en una petición interfaz al interfaz, también conocido con el ID de Bug CSCtc59231 y CSCtd40661. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml http://www.securityfocus.com/bid/37965 •
CVE-2010-0142
https://notcve.org/view.php?id=CVE-2010-0142
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. MeetingTime en Cisco Unified MeetingPlace v6 anteriores a MR5, y posiblemente v5, permite a usuarios remotos autenticados ganar privilegios a través de una secuencia modificada de autenticación, también conocido como bug ID CSCsv66530. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml http://www.securityfocus.com/bid/37965 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0743
https://notcve.org/view.php?id=CVE-2009-0743
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. Vulnerabilidad Cross-site scripting (XSS), en la página de editar cuentas en el servidor Web de Cisco MeetingPlace Web Conferencing 6.0 anteriores a v6.0(517,0) (también conocido como v6.0 MR4) y v7.0 antes de v7.0(2) (también conocido como 7,0 MR1) permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través del campo E-mail Address. • http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html http://www.securityfocus.com/archive/1/501251/30/0/threaded http://www.securityfocus.com/bid/33915 http://www.securitytracker.com/id?1021778 https://exchange.xforce.ibmcloud.com/vulnerabilities/48965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5581
https://notcve.org/view.php?id=CVE-2007-5581
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) FirstName y (2) LastName. • http://secunia.com/advisories/26462 http://securitytracker.com/id?1018904 http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml http://www.securityfocus.com/bid/26364 http://www.vupen.com/english/advisories/2007/3772 https://exchange.xforce.ibmcloud.com/vulnerabilities/38298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •