Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-19 CVE-2015-3420 Improper Certificate Validation vulnerability in multiple products
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
network
high complexity
dovecot fedoraproject CWE-295
5.9
5.9
2017-09-19 CVE-2015-3419 Improper Input Validation vulnerability in Vbulletin
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
network
low complexity
vbulletin CWE-20
6.5
6.5
2017-09-19 CVE-2015-3299 Cross-site Scripting vulnerability in Floating Social BAR Project Floating Social BAR
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
network
low complexity
floating-social-bar-project CWE-79
6.1
6.1
2017-09-19 CVE-2015-1864 Cross-site Scripting vulnerability in Kallithea-Scm Kallithea 0.1/0.2
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
network
low complexity
kallithea-scm CWE-79
5.4
5.4
2017-09-19 CVE-2014-9610 Permissions, Privileges, and Access Controls vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
network
low complexity
netsweeper CWE-264
5.3
5.3
2017-09-19 CVE-2014-6191 Cross-site Scripting vulnerability in IBM Curam Social Program Management
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-19 CVE-2017-14601 SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
network
low complexity
pragyan-cms-project CWE-89
4.9
4.9
2017-09-19 CVE-2017-14600 SQL Injection vulnerability in Pragyan CMS Project Pragyan CMS 3.0
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
network
low complexity
pragyan-cms-project CWE-89
4.9
4.9
2017-09-19 CVE-2017-14597 Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
network
low complexity
afterlogic CWE-79
4.8
4.8
2017-09-18 CVE-2016-10511 Improper Certificate Validation vulnerability in Twitter 6.62/6.62.1
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
network
high complexity
twitter CWE-295
5.9
5.9