Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-03 CVE-2017-14988 Resource Exhaustion vulnerability in Openexr 2.2.0
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
local
low complexity
openexr CWE-400
5.5
2017-10-03 CVE-2017-14985 Cross-site Scripting vulnerability in Eyesofnetwork 5.10
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
network
low complexity
eyesofnetwork CWE-79
5.4
2017-10-03 CVE-2017-14984 Cross-site Scripting vulnerability in Eyesofnetwork 5.10
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.
network
low complexity
eyesofnetwork CWE-79
5.4
2017-10-03 CVE-2017-14983 Cross-site Scripting vulnerability in Eyesofnetwork 5.10
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.
network
low complexity
eyesofnetwork CWE-79
4.8
2017-10-03 CVE-2017-14981 Cross-site Scripting vulnerability in Atutor
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3.
network
low complexity
atutor CWE-79
5.4
2017-10-03 CVE-2017-14771 Improper Input Validation vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied file paths when uploading files via the application.
local
low complexity
skyboxsecurity CWE-20
5.5
2017-10-03 CVE-2017-14770 Information Exposure vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes.
local
low complexity
skyboxsecurity CWE-200
5.5
2017-10-03 CVE-2017-14756 Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
network
low complexity
opentext CWE-79
6.1
2017-10-03 CVE-2017-14755 Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
network
low complexity
opentext CWE-79
6.1
2017-10-03 CVE-2017-14754 Path Traversal vulnerability in Opentext Document Sciences Xpression 4.5
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename.
network
low complexity
opentext CWE-22
6.5