CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3305
https://notcve.org/view.php?id=CVE-2014-3305
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. Vulnerabilidad de CSRF en el Framework web en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos, también conocido como Bug ID CSCuj81735. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305 http://tools.cisco.com/security/center/viewAlert.x?alertId=35051 http://www.securityfocus.com/bid/68903 http://www.securitytracker.com/id/1030644 https://exchange.xforce.ibmcloud.com/vulnerabilities/94894 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3301
https://notcve.org/view.php?id=CVE-2014-3301
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. El controlador ProfileAction en Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de trazas de la pila en mensajes devueltos, también conocido como Bug ID CSCuj81700. • http://secunia.com/advisories/60573 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301 http://tools.cisco.com/security/center/viewAlert.x?alertId=35040 http://www.securityfocus.com/bid/68894 http://www.securitytracker.com/id/1030642 https://exchange.xforce.ibmcloud.com/vulnerabilities/94895 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3310
https://notcve.org/view.php?id=CVE-2014-3310
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. La funcionalidad File Transfer en WebEx Meetings Client en Cisco WebEx Meetings Server y WebEx Meeting Center no verifica que un fichero solicitado fuera un fichero ofrecido, lo que permite a atacantes remotos leer ficheros arbitrarios a través de una solicitud modificada, también conocido como Bug IDs CSCup62442 y CSCup58463. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3310 http://www.securityfocus.com/bid/68503 http://www.securitytracker.com/id/1030551 https://exchange.xforce.ibmcloud.com/vulnerabilities/94431 • CWE-20: Improper Input Validation •
CVSS: 5.1EPSS: 3%CPEs: 2EXPL: 0CVE-2014-3311
https://notcve.org/view.php?id=CVE-2014-3311
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467. Desbordamiento de buffer basado en memoria dinámica en la funcionalidad de compartir ficheros en WebEx Meetings Client en Cisco WebEx Meetings Server y WebEx Meeting Center permite a atacantes remotos ejecutar código arbitrario a través de datos manipulados, también conocido como Bug IDs CSCup62463 y CSCup58467. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3311 http://www.securityfocus.com/bid/68502 http://www.securitytracker.com/id/1030550 https://exchange.xforce.ibmcloud.com/vulnerabilities/94432 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3296
https://notcve.org/view.php?id=CVE-2014-3296
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. La interfaz programática XML (XML PI) en Cisco WebEx Meeting Server 1.5(.1.131) y anteriores permite a usuarios remotos autenticados obtener información sensible de reuniones a través de una URL manipulada, también conocido como Bug ID CSCum03527. • http://secunia.com/advisories/59263 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296 http://tools.cisco.com/security/center/viewAlert.x?alertId=34663 http://www.securityfocus.com/bid/68118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •