Page 9 of 46 results (0.011 seconds)

CVSS: 9.3EPSS: 87%CPEs: 54EXPL: 0

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail?id=1100 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex https://www.kb.cert.org/vuls/id/909240 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. Cisco WebEx Meetings Server 2.6 permite a atacantes remotos eludir las restricciones destinadas al acceso y obtener información de aplicación sensible a través de vectores no especificados, también conocido como Bug ID CSCuy92724. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1 http://www.securityfocus.com/bid/92519 http://www.securitytracker.com/id/1036649 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. Vulnerabilidad de XSS en Cisco WebEx Meetings Server 2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCuy92711. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms3 http://www.securityfocus.com/bid/91780 http://www.securitytracker.com/id/1036313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. Vulnerabilidad de XSS en la interfaz del administrador en Cisco WebEx Meetings Server 2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuy83194. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms1 http://www.securityfocus.com/bid/91781 http://www.securitytracker.com/id/1036314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. Vulnerabilidad de inyección SQL en Cisco WebEx Meetings Server 2.6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCuy83200. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms http://www.securityfocus.com/bid/91786 http://www.securitytracker.com/id/1036312 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •