Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-24 CVE-2017-1212 Unspecified vulnerability in IBM Daeja Viewone
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file.
network
low complexity
ibm
6.5
2017-10-24 CVE-2017-1209 Cross-site Scripting vulnerability in IBM Daeja Viewone
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-10-24 CVE-2016-3049 Cross-site Scripting vulnerability in IBM Openpages GRC Platform 7.1/7.2/7.3
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
2017-10-24 CVE-2017-15874 Integer Underflow (Wrap or Wraparound) vulnerability in Busybox 1.27.2
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
local
low complexity
busybox CWE-191
5.5
2017-10-24 CVE-2017-15873 Integer Overflow or Wraparound vulnerability in multiple products
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
local
low complexity
busybox debian canonical CWE-190
5.5
2017-10-24 CVE-2017-15872 Cross-site Scripting vulnerability in PHPwcms 1.8.9
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
network
low complexity
phpwcms CWE-79
4.8
2017-10-24 CVE-2017-15867 Cross-site Scripting vulnerability in User-Login-History Project User-Login-History
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.
network
low complexity
user-login-history-project CWE-79
6.1
2017-10-24 CVE-2017-15863 Cross-site Scripting vulnerability in WP NO External Links Project WP NO External Links
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
network
low complexity
wp-no-external-links-project CWE-79
6.1
2017-10-24 CVE-2017-15223 Infinite Loop vulnerability in Argosoft Mini Mail Server 1.0.0.2
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
network
low complexity
argosoft CWE-835
5.3
2017-10-24 CVE-2017-15186 Double Free vulnerability in Ffmpeg
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
network
low complexity
ffmpeg CWE-415
6.5