CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4218
https://notcve.org/view.php?id=CVE-2015-4218
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. La interfaz de usuario basada en web en Cisco Jabber hasta 9.6(3) y 9.7 hasta 9.7(5) en Windows permite a atacantes remotos obtener información sensible a través de un valor manipulado en una solicitud GET, también conocido como Bug IDs CSCuu65622 y CSCuu70858. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39494 http://www.securityfocus.com/bid/75377 http://www.securitytracker.com/id/1032711 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8025
https://notcve.org/view.php?id=CVE-2014-8025
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. La API en Guest Server en Cisco Jabber, cuando se emplea HTML5, permite a atacantes remotos obtener información sensible capturando el tráfico de la red durante una petición HTTP (1) GET o (2) POST, también conocido como Bug ID CSCus19801. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025 http://www.securityfocus.com/bid/71768 http://www.securitytracker.com/id/1031422 https://tools.cisco.com/security/center/viewAlert.x?alertId=36871 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8026
https://notcve.org/view.php?id=CVE-2014-8026
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. Vulnerabilidad XSS en Guest Server de Cisco Jabber permite a atacantes remotos inyectar web scripts o HTML arbitrarios mediante el parámentro (1) GET o (2) POST, también conocida como Bug ID CSCus08074. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8026 http://www.securityfocus.com/bid/71769 http://www.securitytracker.com/id/1031422 https://tools.cisco.com/security/center/viewAlert.x?alertId=36872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8024
https://notcve.org/view.php?id=CVE-2014-8024
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. La API en Guest Server en Cisco Jabber, cuando la se usa la utilidad CORS de HTML5, permite a atacantes remotos obtener información sensible capturando el tráfico de la red durante una petición HTTP (1) GET o (2) POST, también conocido como Bug ID CSCus19789. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024 http://www.securityfocus.com/bid/71770 http://www.securitytracker.com/id/1031422 https://tools.cisco.com/security/center/viewAlert.x?alertId=36870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 2%CPEs: 17EXPL: 0CVE-2014-0666
https://notcve.org/view.php?id=CVE-2014-0666
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. Vulnerbailidad d erecorrido de directorios en la implementación de Send Screen Capture de Cisco Jabber 9.2(.1) y anteriores en Windows permite a atacantes remotos subir tipos de archivo arbitrarios, y consecuentemente ejecutar código de forma arbitraria, a través de paquetes modificados, tambien conocido como Bug ID CSCug48056. • http://osvdb.org/102122 http://secunia.com/advisories/56331 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666 http://tools.cisco.com/security/center/viewAlert.x?alertId=32451 http://www.securityfocus.com/bid/64965 http://www.securitytracker.com/id/1029635 https://exchange.xforce.ibmcloud.com/vulnerabilities/90435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •