CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0597
https://notcve.org/view.php?id=CVE-2015-0597
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. La característica Forgot Password en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos enumerar las cuentas administrativas a través de paquetes manipulados, también conocido como Bug IDs CSCuj67166 y CSCuj67159. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597 http://tools.cisco.com/security/center/viewAlert.x?alertId=37240 http://www.securityfocus.com/bid/72373 http://www.securitytracker.com/id/1031678 https://exchange.xforce.ibmcloud.com/vulnerabilities/100658 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0595
https://notcve.org/view.php?id=CVE-2015-0595
The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. La API XMLen Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de mensajes de retorno de solicitudes GET manipulados, también conocido como Bug ID CSCuj67079. • http://secunia.com/advisories/62686 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0595 http://tools.cisco.com/security/center/viewAlert.x?alertId=37238 http://www.securityfocus.com/bid/72370 http://www.securitytracker.com/id/1031676 https://exchange.xforce.ibmcloud.com/vulnerabilities/100667 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0596
https://notcve.org/view.php?id=CVE-2015-0596
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Vulnerabilidad de CSRF en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuj67163. • http://secunia.com/advisories/61797 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596 http://tools.cisco.com/security/center/viewAlert.x?alertId=37239 http://www.securityfocus.com/bid/72371 http://www.securitytracker.com/id/1031677 https://exchange.xforce.ibmcloud.com/vulnerabilities/100665 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8034
https://notcve.org/view.php?id=CVE-2014-8034
Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. Cisco WebEx Meetings Server 1.5 presenta el mismo reto CAPTCHA para cada intento de inicio de sesión, lo que facilita a atacantes remotos obtener el acceso a través de un acercamineto de fuerza bruta de adivinar nombres de usuarios, también conocido como Bug ID CSCuj40321. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8034 http://tools.cisco.com/security/center/viewAlert.x?alertId=36990 http://www.securityfocus.com/bid/71978 http://www.securitytracker.com/id/1031543 https://exchange.xforce.ibmcloud.com/vulnerabilities/100552 • CWE-255: Credentials Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3302
https://notcve.org/view.php?id=CVE-2014-3302
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. user.php en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores no implementa debidamente el reloj de tokens para la codificación autenticada, lo que permite a atacantes remotos obtener información sensible a través de una URL manipulada, también conocido como Bug ID CSCuj81708. • http://secunia.com/advisories/58624 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302 http://tools.cisco.com/security/center/viewAlert.x?alertId=35050 http://www.securityfocus.com/bid/68904 http://www.securitytracker.com/id/1030646 https://exchange.xforce.ibmcloud.com/vulnerabilities/94892 • CWE-310: Cryptographic Issues •