CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1451
https://notcve.org/view.php?id=CVE-2016-1451
15 Jul 2016 — Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. Vulnerabilidad de XSS en la interfaz de administración basada en web en Cisco Meeting Server (anteriormente Acano Conferencing Server) 1.7 hasta la versión 1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a t... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1410
https://notcve.org/view.php?id=CVE-2016-1410
28 May 2016 — Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. Cisco WebEx Meeting Center Original Release Base permite a atacantes remotos obtener información sensible acerca de la validación de nombre de usuario (1) asistiendo o (2) albergando una reunión, también conocida como Bug ID CSCux84312. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 12%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4208
https://notcve.org/view.php?id=CVE-2015-4208
24 Jun 2015 — Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. Cisco WebEx Meeting Center no restringe correctamente el contenido de URLs en solicitudes GET, lo que permite a atacantes remotos obtener información sensible o realizar ataques de inyección SQL a través de vectores que involucran el acceso de lectura a u... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39458 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4212
https://notcve.org/view.php?id=CVE-2015-4212
24 Jun 2015 — Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466. Cisco WebEx Meeting Center permite a atacantes remotos obtener información sensible a través de vectores no especificados, tal y como fue demostrado mediante el descubrimiento de credenciales, también conocido como Bug ID CSCut17466. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4207
https://notcve.org/view.php?id=CVE-2015-4207
23 Jun 2015 — Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. Cisco WebEx Meeting Center coloca el número de acceso de una reunión en una URL, lo que permite a atacantes remotos obtener información sensible y evadir las restricciones de asistencia mediante la visita a la página de registro de reuniones, también conocida como Bug ID ... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2015-4209
https://notcve.org/view.php?id=CVE-2015-4209
23 Jun 2015 — Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. Cisco WebEx Meeting Center no determina correctamente la autorización para la lectura de un calendar de anfitrión, lo que permite a atacantes remotos obtener información sensible mediante la obtención de una lista de todas las reuniones y post... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39459 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4210
https://notcve.org/view.php?id=CVE-2015-4210
23 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. Vulnerabilidad de XSS en Cisco WebEx Meeting Center permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocida como Bug ID CSCur03806. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4194
https://notcve.org/view.php?id=CVE-2015-4194
19 Jun 2015 — The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. La interfaz administrativa basada en web en Cisco WebEx Meeting Center proporciona mensajes de error diferentes para intentos de iniciar sesión fallidos dependiend... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0590
https://notcve.org/view.php?id=CVE-2015-0590
17 Jan 2015 — Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. Cisco WebEx Meeting Center permite a atacantes remotos activar atributos de reuniones deshabilitados, y como consecuencia obtener información sensible, mediante la provisión de parámetros manipulados durante una acción meeting-join, también conocido como Bug ID CSCuo34165. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0590 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •