CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4233
https://notcve.org/view.php?id=CVE-2015-4233
02 Jul 2015 — SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. Vulnerabilidad de inyección SQL en Cisco Unified MeetingPlace 8.6(1.2) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocida como Bug ID CSCuu54037. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39570 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4214
https://notcve.org/view.php?id=CVE-2015-4214
24 Jun 2015 — Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. Cisco Unified MeetingPlace 8.6(1.2) y 8.6(1.9) permite a usuarios remotos autenticados descubrir contraseñas en texto claro mediante la lectura de código de fuente HTML, también conocido como Bug ID CSCuu33050. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39470 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0763
https://notcve.org/view.php?id=CVE-2015-0763
04 Jun 2015 — Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. Cisco Unified MeetingPlace 8.6(1.2) no valida correctamente los identificadores de sesión en URLs http, lo que permite a atacantes remotos obtener información sensible de sesiones a través de una URL manipulada, también conocido como Bug ID CSCuu60338. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39162 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0762
https://notcve.org/view.php?id=CVE-2015-0762
04 Jun 2015 — Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. Vulnerabilidad de XSS en la interfaz de gestión en Cisco Unified MeetingPlace 8.6(1.2) y 8.6(1.9) para Microsoft Outlook permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un valor manipulado en una URL, tambi... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0764
https://notcve.org/view.php?id=CVE-2015-0764
04 Jun 2015 — Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos leer ficheros arbitrarios a través de una solicitud de recursos manipulada, también conocido como Bug ID CSCus95603. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39163 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0758
https://notcve.org/view.php?id=CVE-2015-0758
30 May 2015 — The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. La interfaz del usuario basado en web en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos leer ficheros arbitrarios a través de un documento XML que contiene una declaración de entidad externa en conjunto con... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39130 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0705 – HP Security Bulletin HPSBMU03607 1
https://notcve.org/view.php?id=CVE-2015-0705
22 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494. Vulnerabilidad de CSRF en los endpoints SOAP API del directorio de servicios web en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que crean cue... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38461 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0704
https://notcve.org/view.php?id=CVE-2015-0704
22 Apr 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. Múltiples vulnerabilidades de CSRF en las características API en Cisco Unified MeetingPlace 8.6(1.9) permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCus95884. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38460 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0703
https://notcve.org/view.php?id=CVE-2015-0703
21 Apr 2015 — Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857. Vulnerabilidad de XSS en la interfaz web administrativa en Cisco Unified MeetingPlace 8.6(1.9) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, también conocido como Bug ID CSCus95857. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0702
https://notcve.org/view.php?id=CVE-2015-0702
21 Apr 2015 — Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. Vulnerabilidad de la subida de ficheros ain restricciones en la implementación Custom Prompts upload en Cisco Unified MeetingPlace 8.6(1.9) permite a usuariosm remotos autenticados ejecutar código arbitrario mediante el u... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38455 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •