Cisco: WebEx: New Arbitrary Command Execution in 1.0.5 via Module Whitelist Bypass
In version 1.0.5 of the WebEx extension, Cisco added a GpcComponentName whitelist to prevent exploitation via XSS, preventing the issue 1096. This can be defeated by putting a module signed by Cisco under GpcUrlRoot, and tricking the installation routine to overwrite one of the whitelisted module...