31 matches found
CVE-2017-3823
The CVE-2017-3823 issue affects Cisco WebEx browser extensions: Chrome WebEx Extension prior to 1.0.7, Firefox’s ActiveTouch General Plugin Container prior to 106, Internet Explorer’s GpcContainer ActiveX control prior to 10031.6.2017.0126, and Internet Explorer’s Download Manager ActiveX control...
CVE-2015-6360
CVE-2015-6360 affects libsrtp/libSRTP, with several advisories noting that the encryption-processing feature allows remote DoS via crafted SRTP packets. The root cause in the reports is improper handling of CSRC count and extension header length in RTP headers, leading to vulnerable RTP processin...
CVE-2017-6753
Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...
CVE-2019-15987
CVE-2019-15987 affects Cisco Webex Centers suite (Webex Event Center, Meeting Center, Support Center, Training Center). Root cause: missing CAPTCHA on select URLs allows unauthenticated, remote attacker to enumerate usernames and potentially obtain real names. Impact is information disclosure (no...
CVE-2017-12298
CVE-2017-12298 affects Cisco WebEx Meeting Center. The issue is cross-site scripting (XSS) caused by insufficient input validation in parameters passed to the web server, allowing an unauthenticated, remote attacker to trick a user into following a malicious link or inject code into requests. Exp...
CVE-2017-12366
Cisco WebEx Meeting Center is affected by CVE-2017-12366 through insufficient input validation of parameters sent to the web server, enabling an unauthenticated, remote attacker to perform cross-site scripting (XSS). Exploitation requires convincing a user to follow a malicious link or intercepti...
CVE-2017-12286
Cisco Jabber web interface vulnerability (CVE-2017-12286) allows an authenticated, local attacker to retrieve full user profile information due to insufficient input/validation checks. Affected releases are all Cisco Jabber versions prior to 1.9.31. Exploitation requires local authentication and ...
CVE-2010-3270
CVE-2010-3270 covers two WebEx vulnerabilities: a stack-based buffer overflow in Cisco WebEx Meeting Center (polling via .atp) and in WebEx Player-related .wrf/.atp handling. Public writeups (CORE-2010-1001) describe that WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 is suscept...
CVE-2015-4194
Cisco WebEx Meeting Center’s web-based admin interface is vulnerable to user enumeration via inconsistent login error messages. An unauthenticated, remote attacker can determine whether a username exists and whether it has administrative privileges, per Cisco advisory Cisco-SA-20150618-CVE-2015-4...
CVE-2017-12359
Converging sources confirm CVE-2017-12359 is a buffer overflow in the Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files. The vulnerability allows an attacker to achieve arbitrary code execution on a target system by convincing a user to open a malicious .arf file del...
CVE-2013-6960
Cisco WebEx Meeting Center contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary scripts via crafted URLs. The underlying cause, per the Cisco advisory, is insufficient validation of user-supplied input. Exploitation details in the provided d...
CVE-2017-12360
CVE-2017-12360 is a vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files. The issue allows a remote attacker to cause a denial-of-service by convincing a user to open a malicious WRF file (delivered via email or URL), causing the affected WebEx Player to cr...
CVE-2017-12365
CVE-2017-12365 affects Cisco WebEx Event Center. A design flaw allows an authenticated, remote attacker to query the Event Center site and view both listed and unlisted meetings, enabling potential attendance of meetings not accessible to them. Root cause is a information-disclosure design weakne...
CVE-2017-3799
CVE-2017-3799 concerns a URL-parameter open-redirect vulnerability in Cisco WebEx (WebEx Meeting Center). The Cisco advisory attributes the issue to insufficient input validation, where an attacker could craft a link containing a remote site URL in the affected parameter to redirect users to a ma...
CVE-2014-2199
CVE-2014-2199 affects Cisco WebEx components (Event Center, Meeting Center, Sales Center, Training Center, WebEx Meetings Server 1.5(.1.131) and earlier) and WebEx Business Suite; vulnerable are versions before 27.32.31.16 (27.x), before 28.12.13.18 (28.x), and before 29.5.1.12 (29.x). The vulner...
CVE-2017-12297
CVE-2017-12297 affects Cisco WebEx Meeting Center and is described as a URL redirection vulnerability caused by insufficient access control on HTTP traffic directed to the Meeting Center. An authenticated, remote attacker could exploit a crafted URL to cause the Meeting Center to initiate connect...
CVE-2015-0590
CVE-2015-0590 affects Cisco WebEx Meeting Center. The issue stems from improper checking of certain meeting-join parameters, allowing remote, unauthenticated attackers to enable meeting features that were explicitly disabled by the organizer, potentially exposing sensitive information. Cisco’s ad...
CVE-2013-6964
Cisco WebEx Business Suite Site Access Control Bypass (CVE-2013-6964) permits an authenticated, remote attacker to inject content from their own WebEx site into another WebEx site due to insufficient validation of user input. Exploitation requires a crafted URL and authenticated access; impact is...
CVE-2015-4209
Cisco WebEx Meeting Center is affected by an information-disclosure vulnerability (CVE-2015-4209) where remote attackers can read a host calendar without proper authorization. The root cause is inconsistent authorization checks, enabling an attacker to enumerate hosted meetings and subsequently i...
CVE-2014-0708
CVE-2014-0708 affects WebEx Meeting Center in Cisco WebEx Business Suite. The issue arises from improper URL composition for HTTP GET requests, which could allow remote attackers to read sensitive data from server access logs, Referer logs, or a browser history (Bug ID CSCul98272). Root cause: in...
CVE-2014-3310
The Cisco advisory for CVE-2014-3310 reports an authentication-free, remote arbitrary file download vulnerability in the File Transfer feature of WebEx Meetings Client/Server/Meeting Center. The issue arises because the receiving client does not verify that the requested file matches the offered ...
CVE-2014-3311
Cisco WebEx Meetings Client vulnerability CVE-2014-3311 is a heap-based buffer overflow in the file-sharing feature of the WebEx Meetings Client used with WebEx Meetings Server and WebEx Meeting Center. The root cause is improper bounds checking during data transfer, allowing an unauthenticated r...
CVE-2015-4208
The connected documents provide concrete details for CVE-2015-4208 affecting Cisco WebEx Meeting Center . The vulnerability arises from inadequate restriction of the content of URLs in GET requests , allowing remote, unauthenticated attackers to either obtain sensitive information or perform SQL ...
CVE-2015-0583
CVE-2015-0583 affects Cisco WebEx Meetings Server/Meeting Center. A vulnerability in the file: URI handling could cause information disclosure by unauthenticated remote attackers who view application URL requests containing sensitive data. Impact is sensitive information exposure via URLs; adviso...
CVE-2016-1410
CVE-2016-1410 affects Cisco WebEx Meeting Center (Original Release Base). The vulnerability allows remote attackers to determine whether a username exists by participating in or hosting a meeting, enabling information disclosure of username validity. Documented impact values include CVSSv2/3 base...
CVE-2015-4207
Cisco WebEx Meeting Center is affected by CVE-2015-4207, where a meeting access number is exposed in the URL, enabling remote disclosure of sensitive information and bypass of attendance restrictions by visiting the meeting-registration page. The root cause is the inclusion of the access number i...
CVE-2015-4212
Cisco WebEx Meeting Center is affected by CVE-2015-4212, where an unauthenticated, remote attacker can obtain sensitive information, including credentials, due to improper handling of requests in the Cisco WebEx Meeting Center implementation. Multiple sources describe exposure of data and credent...
CVE-2013-6970
Cisco WebEx Meeting Center is affected by CVE-2013-6970, where remote attackers can obtain sensitive information by reading verbose error messages in server responses (Bug ID CSCul35928). The entry notes a medium severity (CVSS v2 base score 5.0) with network access and no authentication required...
CVE-2015-4210
CVE-2015-4210 is a reflected XSS vulnerability in Cisco WebEx Meetings Center. The issue allows remote attackers to trigger arbitrary script/HTML by sending a specially crafted URL, affecting the WebEx Meetings Center component. Cisco’s advisory states the vulnerability is due to insufficient inp...
CVE-2013-6961
CVE-2013-6961 concerns the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center. The advisory and related sources describe an unauthenticated, remote cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input. An attacker could lure a us...
CVE-2013-6962
The CVE-2013-6962 issue affects Cisco WebEx Meeting Center, specifically the mobile-browser subsystem, where an unauthenticated, remote attacker can trigger a cross-site scripting (XSS) attack by convincing a user to open a crafted URL. The vulnerability leverages insufficient validation of user-...