Search Results (331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0596 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163.
CVE-2015-0589 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.
CVE-2016-4349 1 Cisco 1 Webex Productivity Tools 2025-04-12 N/A
Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
CVE-2010-3269 1 Cisco 2 Webex Advanced Recording Format Player, Webex Recording Format Player 2025-04-11 N/A
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
CVE-2011-4004 1 Cisco 1 Webex Recording Format Player 2025-04-11 N/A
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
CVE-2014-0682 1 Cisco 1 Webex Meetings Server 2025-04-11 N/A
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.
CVE-2013-6710 1 Cisco 1 Webex Training Center 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
CVE-2013-5529 1 Cisco 1 Webex Meetings Server 2025-04-11 N/A
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200.
CVE-2013-3425 1 Cisco 1 Webex 2025-04-11 N/A
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
CVE-2013-1205 1 Cisco 1 Webex Meetings Server 2025-04-11 N/A
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.
CVE-2010-3044 1 Cisco 2 Webex Advanced Recording Format Player, Webex Recording Format Player 2025-04-11 N/A
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
CVE-2013-1244 1 Cisco 1 Webex Social 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.
CVE-2011-3319 1 Cisco 1 Webex Recording Format Player 2025-04-11 N/A
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
CVE-2010-3042 1 Cisco 2 Webex Advanced Recording Format Player, Webex Recording Format Player 2025-04-11 N/A
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
CVE-2013-1232 1 Cisco 3 Webex Meetings Server, Webex Node For Asr 1000 Series, Webex Node For Mcs 2025-04-11 N/A
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.
CVE-2013-1107 1 Cisco 1 Webex Social 2025-04-11 N/A
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
CVE-2013-1245 1 Cisco 1 Webex Social 2025-04-11 N/A
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.
CVE-2012-6397 1 Cisco 2 Quad, Webex Social 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.
CVE-2012-6399 1 Cisco 1 Webex 2025-04-11 N/A
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.
CVE-2010-3270 1 Cisco 1 Webex Meeting Center 2025-04-11 N/A
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.