Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-09 | CVE-2016-7817 | Cross-site Scripting vulnerability in Simple Keitai Chat Project Simple Keitai Chat 2.0 Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-06-09 | CVE-2016-7816 | Improper Certificate Validation vulnerability in Cybozu Kintone The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2017-06-09 | CVE-2016-7813 | Cross-site Scripting vulnerability in Emon-Cms Deraemon-Cms Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | 6.1 |
| 2017-06-09 | CVE-2016-7810 | Cross-site Scripting vulnerability in Corega Cg-Wlr300Nx Firmware 1.20 Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. | 4.8 |
| 2017-06-09 | CVE-2016-7808 | Cross-site Scripting vulnerability in Corega Cg-Wlbaragm Firmware and Cg-Wlbargnl Firmware Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-06-09 | CVE-2016-7805 | Improper Certificate Validation vulnerability in Unisys Mobigate 2.2.1.2/2.2.4.1 The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
| 2017-06-09 | CVE-2016-7802 | Path Traversal vulnerability in Cybozu Garoon Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2017-06-09 | CVE-2016-7801 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4910 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4909 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 4.3 |