Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-31 CVE-2014-8676 Path Traversal vulnerability in Soplanning
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a ..
network
low complexity
soplanning CWE-22
5.3
2017-08-31 CVE-2017-7855 Cross-site Scripting vulnerability in Icewarp Server 11.3.1.5
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
network
low complexity
icewarp CWE-79
6.1
2017-08-31 CVE-2016-10510 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.
network
low complexity
kohanaframework debian CWE-79
6.1
2017-08-31 CVE-2016-10508 Cross-site Scripting vulnerability in PHPthumb Project PHPthumb 1.7.11/1.7.12/1.7.13
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
network
low complexity
phpthumb-project CWE-79
6.1
2017-08-31 CVE-2017-14070 Cross-site Scripting vulnerability in Nexusphp 1.5
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
network
low complexity
nexusphp CWE-79
6.1
2017-08-31 CVE-2017-14060 NULL Pointer Dereference vulnerability in multiple products
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
network
low complexity
imagemagick canonical CWE-476
6.5
2017-08-31 CVE-2017-14059 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5
2017-08-31 CVE-2017-14058 Infinite Loop vulnerability in Ffmpeg 3.3.3
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
network
low complexity
ffmpeg CWE-835
6.5
2017-08-31 CVE-2017-14057 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5
2017-08-31 CVE-2017-14056 Excessive Iteration vulnerability in Ffmpeg 3.3.3
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption.
network
low complexity
ffmpeg CWE-834
6.5