Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-10-16 | CVE-2014-8087 | Cross-site Scripting vulnerability in Post Highlights Projects Post Highlights | Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. | network | low | post-highlights-projects | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2016-8734 | Resource Exhaustion vulnerability in multiple products | Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. | network | low | apache, debian | CWE-400 | 6.5 |
| 2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | network | low | redhat | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15375 | Cross-site Scripting vulnerability in Wpjobboard 4.5.1 | Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. | network | low | wpjobboard | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15374 | Cross-site Scripting vulnerability in Shopware | Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. | network | low | shopware | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. | local | low | sound-exchange-project, debian | CWE-119 | 5.5 |
| 2017-10-16 | CVE-2017-15371 | Reachable Assertion vulnerability in multiple products | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. | local | low | sound-exchange-project, debian | CWE-617 | 5.5 |
| 2017-10-16 | CVE-2017-15370 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. | local | low | sound-exchange-project, debian | CWE-119 | 5.5 |
| 2017-10-16 | CVE-2017-15362 | Cross-site Scripting vulnerability in Osticket 1.10.1 | osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. | network | low | osticket | CWE-79 | 6.1 |
| 2017-10-15 | CVE-2017-15364 | Double Free vulnerability in Ccsv Project Ccsv 1.1.0 | The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. | local | low | ccsv-project | CWE-415 | 5.5 |