CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4232
https://notcve.org/view.php?id=CVE-2011-4232
03 May 2012 — The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. El servidor web en Cisco Unified MeetingPlace v6.1 y v8.5 produce distintas respuestas para las consultas de directorio en función de si el directorio existe, lo que permite a atacantes remotos enumerar los nombres de los directorios a través de una seri... • http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/6_1/release_notes/mp61_rn.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0337
https://notcve.org/view.php?id=CVE-2012-0337
02 May 2012 — SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. Vulnerabilidad de inyección SQL en el componente web en Cisco Unified MeetingPlace v7.1 permite a usuarios remotos autenticados ejecutar comandos SQL a través de vectores no especificados, también conocido como Bug ID CSCtx08939. • http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2010-0139
https://notcve.org/view.php?id=CVE-2010-0139
28 Jan 2010 — Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. Cisco Unified MeetingPlace v7 anterior a v7.0(2.3) versión 5F, v6 anterior a v6.0.639.2, y posiblemente v5 no valida adecuadamente los comandos SQL, lo que permite a atacantes remotos crear, modificar y borrar datos de la base de datos a través de vector... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0CVE-2010-0140
https://notcve.org/view.php?id=CVE-2010-0140
28 Jan 2010 — Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661. Múltiples vulnerabilidades sin especificar en Cisco Unified MeetingPlace v7 en versiones anteriores a v7.0(2.3) arreglo 5F, v6 anteriores a v6.0.639.3, y posiblemente v5 permite a atacantes remo... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0141
https://notcve.org/view.php?id=CVE-2010-0141
28 Jan 2010 — MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935. MeetingTime en Cisco Unified MeetingPlace v6 anteriores a MR5, y posiblemente v5, permite a atacantes remotos revelar nombres de usuarios, contraseñas y otros datos sin especificar de la base de datos de usuarios a traves de una secuencia modificada... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml • CWE-255: Credentials Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-0142
https://notcve.org/view.php?id=CVE-2010-0142
28 Jan 2010 — MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530. MeetingTime en Cisco Unified MeetingPlace v6 anteriores a MR5, y posiblemente v5, permite a usuarios remotos autenticados ganar privilegios a través de una secuencia modificada de autenticación, también conocido como bug ID CSCsv66530. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2009-0743
https://notcve.org/view.php?id=CVE-2009-0743
27 Feb 2009 — Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field. Vulnerabilidad Cross-site scripting (XSS), en la página de editar cuentas en el servidor Web de Cisco MeetingPlace Web Conferencing 6.0 anteriores a v6.0(517,0) (también conocido como v6.0 MR4) y v7.0 antes... • http://www.cisco.com/en/US/products/products_security_response09186a0080a7bc61.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0614
https://notcve.org/view.php?id=CVE-2009-0614
26 Feb 2009 — Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. Una vulnerabilidad no especificada en Cisco Unified MeetingPlace Web Conferencing Web 6.0 antes de 6.0(517.0) (alias 6.0 MR4) y 7.0 antes de 7.0 (2) (alias 7.0 MR1) permite a atacantes remotos eludir la autenticación y obtener acceso administrativo... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2007-5581
https://notcve.org/view.php?id=CVE-2007-5581
08 Nov 2007 — Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en mpweb/scripts/mpx.dll de Cisco Unified MeetingPlace 5.4 y anteriores y 6.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetro... • http://secunia.com/advisories/26462 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4284
https://notcve.org/view.php?id=CVE-2007-4284
09 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 y versiones anteriores permite a atacantes remotos ... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065134.html •