| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. |
| Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. |
| The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. |
| The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. |
| Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455. |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310. |
| Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. |
| The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843. |
| The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. |
| The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247. |
| Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. |
| Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. |
