Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-04-06 CVE-2016-1173 Cross-site Scripting vulnerability in Hiniarata Casebook Plugin 0.9.2
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hiniarata CWE-79
6.1
2016-04-06 CVE-2016-1172 Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators.
network
low complexity
hiniarata CWE-352
8.8
2016-04-06 CVE-2016-1171 Cross-site Scripting vulnerability in Hiniarata Casebook Plugin 0.9.2
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hiniarata CWE-79
6.1
2016-04-06 CVE-2016-1170 Cross-Site Request Forgery (CSRF) vulnerability in Hiniarata Casebook Plugin 0.9.2/0.9.3
Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators.
network
low complexity
hiniarata CWE-352
8.8
2016-04-06 CVE-2016-1169 Cross-site Scripting vulnerability in Hiniarata Casebook Plugin 0.9.2/0.9.3
Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hiniarata CWE-79
6.1
2016-04-06 CVE-2016-0871 Information Exposure vulnerability in Eaton Lighting Systems EG2 Web Control 4.04P
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.
network
low complexity
eaton-lighting-systems CWE-200
7.5
2016-04-06 CVE-2015-7921 Credentials Management vulnerability in Schneider-Electric products
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.
network
low complexity
schneider-electric CWE-255
critical
9.1
2016-04-06 CVE-2015-6313 Resource Management Errors vulnerability in multiple products
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
network
low complexity
sun zyxel zzinc CWE-399
7.5
2016-04-06 CVE-2015-6312 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.
network
low complexity
dell netgear zyxel zzinc CWE-119
7.5
2016-04-06 CVE-2016-3969 Cross-site Scripting vulnerability in McAfee Email Gateway
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
network
low complexity
mcafee CWE-79
6.1