Monthly Archive: December 2013

ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) –pager, (2) –regex, or (3) –output option in a .ackrc file in a directory to be searched. Date published :...

Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. Date published : 2013-12-14 http://www.securityfocus.com/bid/64286 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6973

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. Date published : 2013-12-14 http://www.securityfocus.com/bid/64282 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6972

Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. Date published : 2013-12-14 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971...

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. Date published : 2013-12-14 http://www.securityfocus.com/bid/64306 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6970

The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. Date published : 2013-12-14 http://www.securityfocus.com/bid/64305 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6969

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003....

Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. Date...

The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential...

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. Date published : 2013-12-14 http://www.securityfocus.com/bid/64280 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6964

Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. Date published :...

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. Date published :...

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237....

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. Date published : 2013-12-14 http://www.securityfocus.com/bid/64273 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6960