Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-02 CVE-2017-6396 Cross-site Scripting vulnerability in Webpagetest Project Webpagetest 3.0
An issue was discovered in WPO-Foundation WebPageTest 3.0.
network
low complexity
webpagetest-project CWE-79
6.1
2017-03-02 CVE-2017-6395 Cross-site Scripting vulnerability in Hashover Project Hashover 2.0
An issue was discovered in HashOver 2.0.
network
low complexity
hashover-project CWE-79
6.1
2017-03-02 CVE-2017-6394 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.1
Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev.
network
low complexity
open-emr CWE-79
6.1
2017-03-02 CVE-2017-6393 Cross-site Scripting vulnerability in Nagvis 1.9
An issue was discovered in NagVis 1.9b12.
network
low complexity
nagvis CWE-79
6.1
2017-03-02 CVE-2017-6392 Cross-site Scripting vulnerability in Kaltura Server
An issue was discovered in Kaltura server Lynx-12.11.0.
network
low complexity
kaltura CWE-79
6.1
2017-03-02 CVE-2017-6391 Cross-site Scripting vulnerability in Kaltura Server
An issue was discovered in Kaltura server Lynx-12.11.0.
network
low complexity
kaltura CWE-79
6.1
2017-03-02 CVE-2017-6390 Cross-site Scripting vulnerability in Soruly Whatanime.Ga 34C7155C6Fd82B7746Fe8B56Eb89Bf278553C421
An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d.
network
low complexity
soruly CWE-79
6.1
2017-03-02 CVE-2017-6384 Missing Release of Resource after Effective Lifetime vulnerability in Atheme 7.2.7
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service.
network
low complexity
atheme CWE-772
7.5
2017-03-02 CVE-2017-6062 Improper Authentication vulnerability in Openidc MOD Auth Openidc
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.
network
low complexity
openidc CWE-287
8.6
2017-03-02 CVE-2015-8994 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled.
network
high complexity
php CWE-264
7.5