Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-03 CVE-2017-5615 Open Redirect vulnerability in cPanel cgiecho and cgiemail
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
network
low complexity
cpanel CWE-601
6.1
2017-03-03 CVE-2017-5614 Open Redirect vulnerability in cPanel
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
network
low complexity
cpanel CWE-601
6.1
2017-03-03 CVE-2017-5571 Open Redirect vulnerability in Flexera Software FlexNet Publisher 11.10/11.13.1.0/11.14.1
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
flexerasoftware CWE-601
6.1
2017-03-03 CVE-2016-10203 Cross-site Scripting vulnerability in ZoneMinder
Cross-site scripting (XSS) vulnerability in ZoneMinder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
network
low complexity
zoneminder CWE-79
6.1
2017-03-03 CVE-2016-10202 Cross-site Scripting vulnerability in ZoneMinder
Cross-site scripting (XSS) vulnerability in ZoneMinder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
network
low complexity
zoneminder CWE-79
6.1
2017-03-03 CVE-2016-10201 Cross-site Scripting vulnerability in ZoneMinder
Cross-site scripting (XSS) vulnerability in ZoneMinder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
network
low complexity
zoneminder CWE-79
6.1
2017-03-02 CVE-2016-9892 Improper Certificate Validation vulnerability in ESET Endpoint Antivirus and Endpoint Security
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.
network
high complexity
eset CWE-295
5.9
2017-03-02 CVE-2017-6103 Cross-site Scripting vulnerability in AnyVar Project AnyVar 0.1.1
Persistent XSS vulnerability in the WordPress plugin AnyVar v0.1.1.
network
low complexity
anyvar-project CWE-79
6.1
2017-03-02 CVE-2017-6102 Cross-site Scripting vulnerability in Rockhoist Badges Project Rockhoist Badges Plugin 1.2.2
Persistent XSS in the WordPress plugin rockhoist-badges v1.2.2.
network
low complexity
rockhoist-badges-project CWE-79
6.1
2017-03-02 CVE-2016-10071 Out-of-bounds Read vulnerability in ImageMagick
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
local
low complexity
imagemagick CWE-125
5.5