Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-28 CVE-2014-9557 Cross-site Scripting vulnerability in Smartwebsites Smartcms 2.0
Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
network
low complexity
smartwebsites CWE-79
6.1
6.1
2017-08-28 CVE-2014-9514 Cross-site Scripting vulnerability in BMC Footprints Service Core 11.5
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
network
low complexity
bmc CWE-79
6.1
6.1
2017-08-28 CVE-2014-9469 Cross-site Scripting vulnerability in Vbulletin
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3.
network
low complexity
vbulletin CWE-79
6.1
6.1
2017-08-28 CVE-2014-8753 Cross-site Scripting vulnerability in Cit-E-Net Cit-E-Access 6.0
Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.
network
low complexity
cit-e-net CWE-79
6.1
6.1
2017-08-28 CVE-2014-8168 Improper Access Control vulnerability in Redhat Satellite 6.0
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
local
low complexity
redhat CWE-284
6.1
6.1
2017-08-28 CVE-2014-4925 Cross-site Scripting vulnerability in Good for Enterprise 1.9.0.40/2.8.0.398
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
network
low complexity
good CWE-79
6.1
6.1
2017-08-28 CVE-2014-0141 Cross-site Scripting vulnerability in Redhat Satellite 6.0.3
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
network
low complexity
redhat CWE-79
6.1
6.1
2017-08-26 CVE-2017-7693 Path Traversal vulnerability in Riverbed Opnet APP Response Xpert 9.6.1
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
network
low complexity
riverbed CWE-22
6.5
6.5
2017-08-25 CVE-2017-9640 Path Traversal vulnerability in multiple products
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
network
low complexity
automatedlogic carrier CWE-22
6.3
6.3
2017-08-25 CVE-2017-7934 Improper Authentication vulnerability in Osisoft PI Data Archive
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017.
network
high complexity
osisoft CWE-287
5.9
5.9