Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-11 | CVE-2015-5054 | Open Redirect vulnerability in Ellucian Banner Student | Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 6.1 |
2017-09-11 | CVE-2015-4688 | Information Exposure vulnerability in Ellucian Banner Student | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests. | 5.3 |
2017-09-11 | CVE-2015-4687 | Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2 | Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2017-09-11 | CVE-2017-1000249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in File Project File 5.29 | An issue in file() introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. | 5.5 |
2017-09-11 | CVE-2015-7879 | Cross-site Scripting vulnerability in Stickynote Project Stickynote | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | 5.4 |
2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 6.5 |
2017-09-11 | CVE-2017-14268 | Cross-site Scripting vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | 6.1 |
2017-09-11 | CVE-2017-14249 | Divide By Zero vulnerability in Imagemagick 7.0.68 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | 6.5 |
2017-09-11 | CVE-2017-14248 | Out-of-bounds Read vulnerability in Imagemagick 7.0.68 | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | 6.5 |
2017-09-11 | CVE-2017-14241 | Cross-site Scripting vulnerability in Dolibarr 6.0.0 | Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | 5.4 |