CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-15419 – Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15419
05 Oct 2018 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the ... • http://www.securityfocus.com/bid/105520 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-15420 – Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15420
05 Oct 2018 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the ... • http://www.securityfocus.com/bid/105520 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-15436 – Cisco Webex Centers Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-15436
05 Oct 2018 — A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit thi... • http://www.securityfocus.com/bid/105557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-15414 – Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15414
21 Sep 2018 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the ... • http://www.securityfocus.com/bid/105374 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-15421 – Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15421
21 Sep 2018 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the ... • http://www.securityfocus.com/bid/105374 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 0CVE-2018-15422 – Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-15422
21 Sep 2018 — A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the ... • http://www.securityfocus.com/bid/105374 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-0422 – Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-0422
06 Sep 2018 — A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targe... • http://www.securityfocus.com/bid/105281 • CWE-732: Incorrect Permission Assignment for Critical Resource •