|
279561
|
- |
|
cisco
|
jabber_guest
|
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8026
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279562
|
- |
|
cisco
|
jabber_guest
|
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug I…
|
CWE-200
Information Exposure
|
CVE-2014-8025
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279563
|
- |
|
cisco
|
jabber_guest
|
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST re…
|
CWE-200
Information Exposure
|
CVE-2014-8024
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279564
|
- |
|
cisco
|
unified_communications_domain_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8018
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279565
|
- |
|
cisco
|
identity_services_engine_software
|
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a re…
|
CWE-200
Information Exposure
|
CVE-2014-8017
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279566
|
- |
|
cisco
|
identity_services_engine_software
|
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur6440…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8015
|
2024-11-21 11:18 |
2014-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279567
|
- |
|
php
|
php
|
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execu…
|
NVD-CWE-Other
|
CVE-2014-8142
|
2024-11-21 11:18 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279568
|
- |
|
cisco
|
enterprise_content_delivery_system
|
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
|
CWE-22
Path Traversal
|
CVE-2014-8019
|
2024-11-21 11:18 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279569
|
- |
|
cisco
|
prime_infrastructure
|
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.
|
CWE-200
Information Exposure
|
CVE-2014-8007
|
2024-11-21 11:18 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279570
|
- |
|
mageia
redhat
canonical
opensuse
|
mageia
libvirt
ubuntu_linux
opensuse
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
|
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denia…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8136
|
2024-11-21 11:18 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
