Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-01 | CVE-2014-3302 | Cryptographic Issues vulnerability in Cisco Webex Meetings Server user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. | 5.8 |
| 2014-07-29 | CVE-2014-3329 | Cross-Site Scripting vulnerability in Cisco Prime Data Center Network Manager Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620. | 4.3 |
| 2014-07-28 | CVE-2014-3304 | Information Exposure vulnerability in Cisco Webex Meetings Server The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. | 5.0 |
| 2014-07-28 | CVE-2014-3303 | Information Exposure vulnerability in Cisco Webex Meetings Server The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. | 4.0 |
| 2014-07-26 | CVE-2014-3328 | Resource Exhaustion vulnerability in Cisco Unified Presence Server The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. | 5.0 |
| 2014-07-26 | CVE-2014-3326 | SQL Injection vulnerability in Cisco Security Manager 4.5/4.6 SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | 6.5 |
| 2014-07-26 | CVE-2014-3324 | Cross-Site Scripting vulnerability in Cisco Telepresence Server Software Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060. | 4.3 |
| 2014-07-26 | CVE-2014-3305 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. | 6.8 |
| 2014-07-26 | CVE-2014-3301 | Information Exposure vulnerability in Cisco Webex Meetings Server The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. | 5.0 |
| 2014-07-24 | CVE-2014-3322 | Improper Input Validation vulnerability in Cisco products Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. | 6.1 |