Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-11 CVE-2015-5054 Open Redirect vulnerability in Ellucian Banner Student
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
network
low complexity
ellucian CWE-601
6.1
2017-09-11 CVE-2015-4688 Information Exposure vulnerability in Ellucian Banner Student
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests.
network
low complexity
ellucian CWE-200
5.3
2017-09-11 CVE-2015-4687 Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ellucian CWE-79
6.1
2017-09-11 CVE-2017-1000249 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in File Project File 5.29
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary.
local
low complexity
file-project CWE-119
5.5
2017-09-11 CVE-2015-7879 Cross-site Scripting vulnerability in Stickynote Project Stickynote
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page.
network
low complexity
stickynote-project CWE-79
5.4
2017-09-11 CVE-2017-7650 Improper Authentication vulnerability in multiple products
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'.
network
low complexity
eclipse debian CWE-287
6.5
2017-09-11 CVE-2017-14268 Cross-site Scripting vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request.
network
low complexity
ee CWE-79
6.1
2017-09-11 CVE-2017-14249 Divide By Zero vulnerability in ImageMagick 7.0.6-8
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick CWE-369
6.5
2017-09-11 CVE-2017-14248 Out-of-bounds Read vulnerability in ImageMagick 7.0.6-8
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick CWE-125
6.5
2017-09-11 CVE-2017-14241 Cross-site Scripting vulnerability in Dolibarr 6.0.0
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
network
low complexity
dolibarr CWE-79
5.4