Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-14314 Out-of-bounds Read vulnerability in multiple products
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
6.5
2017-09-12 CVE-2017-14313 Cross-site Scripting vulnerability in Shibboleth Project Shibboleth
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().
network
low complexity
shibboleth-project CWE-79
6.1
2017-09-11 CVE-2015-8354 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
Cross-site scripting (XSS) vulnerability in the Ultimate Member plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
network
low complexity
ultimatemember CWE-79
6.1
2017-09-11 CVE-2015-8353 Cross-site Scripting vulnerability in Role Scoper Project Role Scoper
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
network
low complexity
role-scoper-project CWE-79
6.1
2017-09-11 CVE-2015-8350 Cross-site Scripting vulnerability in Inboundnow Call to Action
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
network
low complexity
inboundnow CWE-79
6.1
2017-09-11 CVE-2015-8349 Cross-site Scripting vulnerability in Gameconnect Sourcebans 1.4.11
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
network
low complexity
gameconnect CWE-79
6.1
2017-09-11 CVE-2015-5054 Open Redirect vulnerability in Ellucian Banner Student
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
network
low complexity
ellucian CWE-601
6.1
2017-09-11 CVE-2015-4688 Information Exposure vulnerability in Ellucian Banner Student
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests.
network
low complexity
ellucian CWE-200
5.3
2017-09-11 CVE-2015-4687 Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ellucian CWE-79
6.1
2017-09-11 CVE-2017-1000249 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in File Project File 5.29
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary.
local
low complexity
file-project CWE-119
5.5