Cisco has updated its Unified MeetingPlace voice, video and Web conferencing solution to patch several vulnerabilities.

"In a current advisory, the vendor describes an SQL injection hole which can be exploited to manipulate or spy out database contents," according to The H Security.

"Furthermore, specially crafted URLs can apparently be used for setting up new user accounts without requiring the attacker to sign in beforehand," the article states. "Other flaws in the authentication protocol allow attackers to manipulate transmitted packets to spy out user names and passwords or even obtain admin privileges."

Click here to read the article at The H Security.