Vulnerabilities: medium severity

DATE | CVE | VULNERABILITY TITLE | RISK

2017-09-19 | CVE-2015-3299 | Cross-site Scripting vulnerability in Floating Social BAR Project Floating Social BAR | Risk: 6.1
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
Access: network; complexity: low; vendor: floating-social-bar-project; CWE-79

2017-09-19 | CVE-2015-1864 | Cross-site Scripting vulnerability in Kallithea-Scm Kallithea 0.1/0.2 | Risk: 5.4
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
Access: network; complexity: low; vendor: kallithea-scm; CWE-79

2017-09-19 | CVE-2014-9610 | Permissions, Privileges, and Access Controls vulnerability in Netsweeper | Risk: 5.3
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
Access: network; complexity: low; vendor: netsweeper; CWE-264

2017-09-19 | CVE-2014-6191 | Cross-site Scripting vulnerability in IBM Curam Social Program Management | Risk: 5.4
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Access: network; complexity: low; vendor: ibm; CWE-79

2017-09-19 | CVE-2017-14601 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 | Risk: 4.9
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
Access: network; complexity: low; vendor: pragyan-cms-project; CWE-89

2017-09-19 | CVE-2017-14600 | SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0 | Risk: 4.9
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
Access: network; complexity: low; vendor: pragyan-cms-project; CWE-89

2017-09-19 | CVE-2017-14597 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail | Risk: 4.8
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Access: network; complexity: low; vendor: afterlogic; CWE-79

2017-09-18 | CVE-2016-10511 | Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1 | Risk: 5.9
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
Access: network; complexity: high; vendor: twitter; CWE-295

2017-09-18 | CVE-2017-6147 | Unspecified vulnerability in F5 products | Risk: 5.9
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.
Access: network; complexity: high; vendor: f5

2017-09-18 | CVE-2017-0380 | Information Exposure Through Log Files vulnerability in Torproject TOR | Risk: 5.9
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
Access: network; complexity: high; vendor: torproject; CWE-532