CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2013-1168
https://notcve.org/view.php?id=CVE-2013-1168
11 Apr 2013 — The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. El servidor web de Cisco Unified MeetingPlace Application Server v7.x antes de v7.1MR1 revisión 2, v8.0 antes de v8.0MR1 revisión 1, y v8.5 antes de v8.5MR3 revisión 1 no invalida un... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1128
https://notcve.org/view.php?id=CVE-2013-1128
15 Feb 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in the server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Cisco Unified MeetingPlace con software anterior a v7.1(2.2000) permite a atacantes remotos secuestrar la autentica... • http://secunia.com/advisories/52194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2012-5416
https://notcve.org/view.php?id=CVE-2012-5416
02 Nov 2012 — Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341. Desbordamiento de búfer en Cisco Unified MeetingPlace Web Conferencing antes de v7.1MR1 Patch 1, v8.0 antes de v8.0MR1 Patch 1, y v8.5 antes de v8.5MR3, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a tr... • http://osvdb.org/86859 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4232
https://notcve.org/view.php?id=CVE-2011-4232
03 May 2012 — The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces different responses for directory queries depending on whether the directory exists, which allows remote attackers to enumerate directory names via a series of queries, aka Bug ID CSCtt94070. El servidor web en Cisco Unified MeetingPlace v6.1 y v8.5 produce distintas respuestas para las consultas de directorio en función de si el directorio existe, lo que permite a atacantes remotos enumerar los nombres de los directorios a través de una seri... • http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/6_1/release_notes/mp61_rn.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2010-0139
https://notcve.org/view.php?id=CVE-2010-0139
28 Jan 2010 — Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. Cisco Unified MeetingPlace v7 anterior a v7.0(2.3) versión 5F, v6 anterior a v6.0.639.2, y posiblemente v5 no valida adecuadamente los comandos SQL, lo que permite a atacantes remotos crear, modificar y borrar datos de la base de datos a través de vector... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0140
https://notcve.org/view.php?id=CVE-2010-0140
28 Jan 2010 — Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661. Múltiples vulnerabilidades sin especificar en Cisco Unified MeetingPlace v7 en versiones anteriores a v7.0(2.3) arreglo 5F, v6 anteriores a v6.0.639.3, y posiblemente v5 permite a atacantes remo... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml •