CVE-2015-0764

Cisco Unified MeetingPlace 8.6(1.9) is affected by CVE-2015-0764, where an unauthenticated, remote attacker can read arbitrary files through a crafted resource request. The root cause is improper handling of resource requests by the affected device, enabling arbitrary file download. The vulnerabi...

CVE-2015-0705

Cross-site request forgery CSRF vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.61.9 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494...

Unrestricted file upload

Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.61.9 allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712...

CVE-2015-0703

Cisco Unified MeetingPlace 8.6(1.9) admin web interface is affected by a reflected cross-site scripting (XSS) vulnerability. The issue stems from improper validation of user-supplied input, allowing an unauthenticated, remote attacker to craft a malicious link that executes arbitrary JavaScript/H...