Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-19 | CVE-2017-12284 | Information Exposure vulnerability in Cisco Jabber 11.8(.4) | A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. | 5.5 |
2017-10-19 | CVE-2017-12272 | Cross-site Scripting vulnerability in Cisco IOS XE 16.1.2/16.2.0/16.3(1) | A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. | 6.1 |
2017-10-18 | CVE-2015-6961 | Open Redirect vulnerability in Web2Py 2.9.11 | Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. | 6.1 |
2017-10-18 | CVE-2017-15359 | Path Traversal vulnerability in 3CX 15.5.3554.1 | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. | 6.5 |
2017-10-18 | CVE-2017-14956 | Cross-Site Request Forgery (CSRF) vulnerability in Alienvault Unified Security Management | AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. | 5.7 |
2017-10-18 | CVE-2015-7943 | Open Redirect vulnerability in multiple products | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.1 |
2017-10-18 | CVE-2015-1239 | Double Free vulnerability in multiple products | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | 6.5 |
2017-10-18 | CVE-2015-3400 | Information Exposure vulnerability in Zfsonlinux ZFS 0.6.4 | sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files. | 4.3 |
2017-10-18 | CVE-2014-8491 | Information Exposure vulnerability in Codeasily Grand Flagallery 1.56 | The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. | 5.3 |
2017-10-18 | CVE-2014-7813 | Resource Exhaustion vulnerability in Redhat Cloudforms 3.0 Management Engine | Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols. | 6.5 |