 |
|
|
|
| Cisco Unified MeetingPlace multiple security vulnerabilities | | Published: |  | 28.01.2010 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10566 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | SQL injection, unauthorized access, information leak, privilege escalation. |
| Affected: |  | CISCO : Unified MeetingPlace 5 | | | | CISCO : Unified MeetingPlace 6 | | | | CISCO : Unified MeetingPlace 7 | | CVE: |  | CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530.) | | | | CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.) | | | | CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.) | | | | CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.) |
|
|
|
|
|
|
|
|
