4 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut63724, and CSCut63760. Vulnerabilidad de CSRF en el software Cisco TelePresence Server 3.0 (2.24), permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocida como Bug IDs CSCut63718, CSCut63724 y CSCut63760. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41128 http://www.securitytracker.com/id/1033644 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. Desbordamiento de buffer en la implementación de la API del Conference Control Protocol en el software de Cisco TelePresence Server en versiones anteriores a 4.1(2.33) en 7010, MSE 8710, Multiparty Media 310 y 320 y dispositivos Virtual Machine, permite a atacantes remotos provocar una denegación de servicio (caída del dispositivo) a través de una URL manipulada, también conocida como Bug ID CSCuu28277. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps http://www.securitytracker.com/id/1033580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 42EXPL: 0

The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855. El Framework web en Cisco TelePresence Advanced Media Gateway Series Software anterior a 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software anterior a 3.0(1.27), Cisco TelePresence ISDN Gateway Software anterior a 2.2(1.94), Cisco TelePresence MCU Software anterior a 4.4(3.54) y 4.5 anterior a 4.5(1.45), Cisco TelePresence MSE Supervisor Software anterior a 2.3(1.38), Cisco TelePresence Serial Gateway Series Software anterior a 1.0(1.42), Cisco TelePresence Server Software for Hardware anterior a 3.1(1.98), y Cisco TelePresence Server Software for Virtual Machine anterior a 4.1(1.79) permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios root a través de vectores no especificados, también conocido como Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, y CSCur15855. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. Múltiples vulnerabilidades de XSS en la página de inicio de sesión en la interfaz web administrativa en Cisco TelePresence Server Software 4.0(2.8) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro manipulado, también conocido como Bug ID CSCup90060. • http://secunia.com/advisories/60456 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3324 http://tools.cisco.com/security/center/viewAlert.x?alertId=35031 http://www.securityfocus.com/bid/68885 http://www.securitytracker.com/id/1030640 https://exchange.xforce.ibmcloud.com/vulnerabilities/94847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •