Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-19 | CVE-2017-9764 | Cross-site Scripting vulnerability in Metinfo 5.3.17: Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 6.1 |
2017-07-19 | CVE-2017-11448 | Information Exposure vulnerability in Imagemagick: The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 6.5 |
2017-07-19 | CVE-2017-11447 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick: The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | 6.5 |
2017-07-19 | CVE-2017-11446 | Infinite Loop vulnerability in Imagemagick 7.0.61: The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | 6.5 |
2017-07-19 | CVE-2017-11441 | Cross-site Scripting vulnerability in Cpanel WHM: The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | 5.4 |
2017-07-19 | CVE-2017-11440 | Path Traversal vulnerability in Sitecore CMS 8.2: In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | 4.9 |
2017-07-19 | CVE-2017-11439 | Cross-site Scripting vulnerability in Sitecore CMS 8.2: In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | 5.4 |
2017-07-19 | CVE-2017-10801 | Cross-site Scripting vulnerability in PHPsocial: phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | 6.1 |
2017-07-18 | CVE-2017-11423 | Out-of-bounds Read vulnerability in Libmspack Project Libmspack 0.5: The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | 5.5 |
2017-07-18 | CVE-2017-5247 | Cross-site Scripting vulnerability in Biscom Secure File Transfer: Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. | 5.4 |