Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-09 CVE-2017-9525 Link Following vulnerability in multiple products
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
local
low complexity
cron-project debian CWE-59
6.7
2017-06-09 CVE-2017-2187 Cross-site Scripting vulnerability in 3CX Live Chat
Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
3cx CWE-79
6.1
2017-06-09 CVE-2017-2180 Information Exposure vulnerability in IPA Appgoat 3.0.0/3.0.1/3.0.2
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote attackers to obtain local files via unspecified vectors.
network
low complexity
ipa CWE-200
4.3
2017-06-09 CVE-2017-2165 Information Exposure vulnerability in Groupsession 4.6.4
GroupSession versions 4.6.4 and earlier allow remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.
network
low complexity
groupsession CWE-200
6.5
2017-06-09 CVE-2016-7832 Information Exposure vulnerability in Cybozu Dezie
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
network
low complexity
cybozu CWE-200
5.3
2017-06-09 CVE-2016-7831 Open Redirect vulnerability in Fenrir-Inc Sleipnir 4.5.3
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
network
low complexity
fenrir-inc CWE-601
6.1
2017-06-09 CVE-2016-7826 Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
network
low complexity
buffalotech CWE-22
6.5
2017-06-09 CVE-2016-7825 Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
network
low complexity
buffalotech CWE-22
6.5
2017-06-09 CVE-2016-7823 Cross-site Scripting vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
low complexity
buffalotech CWE-79
4.3
2017-06-09 CVE-2016-7821 Improper Input Validation vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
network
low complexity
buffalotech CWE-20
6.5