Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-23 | CVE-2011-2684 | Link Following vulnerability in Rkkda Foo2Zjs 20090908Dfsg5.1+Squeeze0/20110722Dfsg1/20110722Dfsg3Ubuntu1: foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | 5.5 |
2017-10-23 | CVE-2011-2683 | 7PK - Security Features vulnerability in Reseed Project Reseed: reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack. | 5.9 |
2017-10-23 | CVE-2017-15812 | Cross-site Scripting vulnerability in Easy-Appointments Easy Appointments: The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel. | 6.1 |
2017-10-23 | CVE-2017-15811 | Cross-site Scripting vulnerability in Pootlepress Pootle Button 1.0.0/1.1.0/1.1.1: The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. | 5.4 |
2017-10-23 | CVE-2017-15810 | Cross-site Scripting vulnerability in Popcash Popcash.Net Code Integration Tool 1.0: The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php. | 6.1 |
2017-10-23 | CVE-2017-15809 | Cross-site Scripting vulnerability in PHPmyfaq: In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | 6.1 |
2017-10-23 | CVE-2016-10516 | Cross-site Scripting vulnerability in Palletsprojects Werkzeug: Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. | 6.1 |
2017-10-23 | CVE-2017-9947 | Path Traversal vulnerability in Siemens products: A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. | 5.3 |
2017-10-23 | CVE-2017-15687 | Cross-site Scripting vulnerability in Logitech Media Server: DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. | 6.1 |
2017-10-23 | CVE-2017-15380 | Cross-site Scripting vulnerability in Softwarepublico E-Sic 1.0: XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | 6.1 |