Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-02 | CVE-2015-0597 | Improper Input Validation vulnerability in Cisco Webex Meetings Server The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. | 5.0 |
| 2015-02-02 | CVE-2015-0596 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | 6.8 |
| 2015-02-02 | CVE-2015-0595 | Information Exposure vulnerability in Cisco Webex Meetings Server The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | 5.0 |
| 2015-01-22 | CVE-2014-8008 | Information Exposure vulnerability in Cisco Unified Communications Manager Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | 6.8 |
| 2015-01-17 | CVE-2015-0590 | Information Exposure vulnerability in Cisco Webex Meeting Center Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165. | 5.0 |
| 2015-01-15 | CVE-2015-0591 | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager 10.0 Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. | 5.0 |
| 2015-01-15 | CVE-2015-0588 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager 10.0 Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | 6.8 |
| 2015-01-15 | CVE-2014-8034 | Credentials Management vulnerability in Cisco Webex Meetings Server 1.5 Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing usernames, aka Bug ID CSCuj40321. | 5.0 |
| 2015-01-15 | CVE-2014-8022 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776. | 4.3 |
| 2015-01-14 | CVE-2015-0583 | Information Exposure vulnerability in Cisco Webex Meeting Center Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | 5.0 |