CVE-2015-0597
https://notcve.org/view.php?id=CVE-2015-0597
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. La característica Forgot Password en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos enumerar las cuentas administrativas a través de paquetes manipulados, también conocido como Bug IDs CSCuj67166 y CSCuj67159. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597 http://tools.cisco.com/security/center/viewAlert.x?alertId=37240 http://www.securityfocus.com/bid/72373 http://www.securitytracker.com/id/1031678 https://exchange.xforce.ibmcloud.com/vulnerabilities/100658 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0596
https://notcve.org/view.php?id=CVE-2015-0596
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Vulnerabilidad de CSRF en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuj67163. • http://secunia.com/advisories/61797 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0596 http://tools.cisco.com/security/center/viewAlert.x?alertId=37239 http://www.securityfocus.com/bid/72371 http://www.securitytracker.com/id/1031677 https://exchange.xforce.ibmcloud.com/vulnerabilities/100665 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-3302
https://notcve.org/view.php?id=CVE-2014-3302
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. user.php en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores no implementa debidamente el reloj de tokens para la codificación autenticada, lo que permite a atacantes remotos obtener información sensible a través de una URL manipulada, también conocido como Bug ID CSCuj81708. • http://secunia.com/advisories/58624 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302 http://tools.cisco.com/security/center/viewAlert.x?alertId=35050 http://www.securityfocus.com/bid/68904 http://www.securitytracker.com/id/1030646 https://exchange.xforce.ibmcloud.com/vulnerabilities/94892 • CWE-310: Cryptographic Issues •
CVE-2014-3305
https://notcve.org/view.php?id=CVE-2014-3305
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. Vulnerabilidad de CSRF en el Framework web en Cisco WebEx Meetings Server 1.5(.1.131) y anteriores permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos, también conocido como Bug ID CSCuj81735. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305 http://tools.cisco.com/security/center/viewAlert.x?alertId=35051 http://www.securityfocus.com/bid/68903 http://www.securitytracker.com/id/1030644 https://exchange.xforce.ibmcloud.com/vulnerabilities/94894 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-3301
https://notcve.org/view.php?id=CVE-2014-3301
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. El controlador ProfileAction en Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) y anteriores permite a atacantes remotos obtener información sensible mediante la lectura de trazas de la pila en mensajes devueltos, también conocido como Bug ID CSCuj81700. • http://secunia.com/advisories/60573 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301 http://tools.cisco.com/security/center/viewAlert.x?alertId=35040 http://www.securityfocus.com/bid/68894 http://www.securitytracker.com/id/1030642 https://exchange.xforce.ibmcloud.com/vulnerabilities/94895 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •