Skip to main content
CVE-2014-3305 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3326 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Security Manager
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-3328 MEDIUM This Month

The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Presence Server
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-3301 MEDIUM This Month

The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-2966 MEDIUM PATCH This Month

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

XSS Resin
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-4857 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Testrail
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3324 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Telepresence Server Software
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-3071 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4748 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sametime
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy