CVSS: 9.3EPSS: 79%CPEs: 54EXPL: 1CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
01 Feb 2017 — An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on ... • https://packetstorm.news/files/id/140870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3799
https://notcve.org/view.php?id=CVE-2017-3799
26 Jan 2017 — A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. Una vulnerabilidad en un parámetro URL de Cisco WebEx Meeting Center podría permitir a un atacante remoto no autenticado realizar redirección de sitio. Más información: CSCzu78401. • http://www.securityfocus.com/bid/95642 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1410
https://notcve.org/view.php?id=CVE-2016-1410
28 May 2016 — Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Cisco WebEx Meeting Center Original Release Base permite a atacantes remotos obtener información sensible acerca de la validación de nombre de usuario (1) asistiendo o (2) albergando una reunión, también conocida como Bug ID CSCux84312. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 12%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4208
https://notcve.org/view.php?id=CVE-2015-4208
24 Jun 2015 — Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. Cisco WebEx Meeting Center no restringe correctamente el contenido de URLs en solicitudes GET, lo que permite a atacantes remotos obtener información sensible o realizar ataques de inyección SQL a través de vectores que involucran el acceso de lectura a u... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4212
https://notcve.org/view.php?id=CVE-2015-4212
24 Jun 2015 — Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. Cisco WebEx Meeting Center permite a atacantes remotos obtener información sensible a través de vectores no especificados, tal y como fue demostrado mediante el descubrimiento de credenciales, también conocido como Bug ID CSCut17466. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4207
https://notcve.org/view.php?id=CVE-2015-4207
23 Jun 2015 — Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. Cisco WebEx Meeting Center coloca el número de acceso de una reunión en una URL, lo que permite a atacantes remotos obtener información sensible y evadir las restricciones de asistencia mediante la visita a la página de registro de reuniones, también conocida como Bug ID ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2015-4209
https://notcve.org/view.php?id=CVE-2015-4209
23 Jun 2015 — Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. Cisco WebEx Meeting Center no determina correctamente la autorización para la lectura de un calendar de anfitrión, lo que permite a atacantes remotos obtener información sensible mediante la obtención de una lista de todas las reuniones y post... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39459 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4210
https://notcve.org/view.php?id=CVE-2015-4210
23 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. Vulnerabilidad de XSS en Cisco WebEx Meeting Center permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocida como Bug ID CSCur03806. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4194
https://notcve.org/view.php?id=CVE-2015-4194
19 Jun 2015 — The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. La interfaz administrativa basada en web en Cisco WebEx Meeting Center proporciona mensajes de error diferentes para intentos de iniciar sesión fallidos dependiend... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •