Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Lync Server Security Vulnerabilities

cve
cve

CVE-2015-2531

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure...

5.1AI Score

0.026EPSS

2015-09-09 12:59 AM
26
cve
cve

CVE-2015-2532

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure...

5.1AI Score

0.026EPSS

2015-09-09 12:59 AM
23
cve
cve

CVE-2015-2536

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege...

5.3AI Score

0.032EPSS

2015-09-09 12:59 AM
31
cve
cve

CVE-2014-4070

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure...

5AI Score

0.027EPSS

2014-09-10 01:55 AM
22
cve
cve

CVE-2014-4068

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service...

6.6AI Score

0.038EPSS

2014-09-10 01:55 AM
22
cve
cve

CVE-2014-4071

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service...

6.6AI Score

0.021EPSS

2014-09-10 01:55 AM
24
cve
cve

CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization...

5.6AI Score

0.846EPSS

2014-06-11 04:56 AM
26
cve
cve

CVE-2013-1302

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE...

7.4AI Score

0.733EPSS

2013-05-15 03:36 AM
95