Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-25 CVE-2016-4826 Cross-site Scripting vulnerability in Collne Welcart E-Commerce
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.
network
low complexity
collne CWE-79
6.1
2016-06-25 CVE-2016-4825 Improper Input Validation vulnerability in Collne Welcart E-Commerce
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
network
high complexity
collne CWE-20
5.6
2016-06-25 CVE-2016-4824 7PK - Security Features vulnerability in Corega CG-WLR300GNV-W Firmware and CG-WLR300GNV Firmware
The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.
network
low complexity
corega CWE-254
5.3
2016-06-25 CVE-2016-1190 Improper Access Control vulnerability in Cybozu Garoon
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
network
low complexity
cybozu CWE-284
6.5
2016-06-25 CVE-2016-1188 Unspecified vulnerability in Cybozu Garoon
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
network
low complexity
cybozu
6.5
2016-06-25 CVE-2016-4528 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech WebAccess
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
local
low complexity
advantech CWE-119
5.0
2016-06-25 CVE-2016-4525 Unspecified vulnerability in Advantech WebAccess
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
local
low complexity
advantech
6.6
2016-06-24 CVE-2016-5709 Information Exposure vulnerability in SolarWinds Virtualization Manager 6.3.1
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
local
high complexity
solarwinds CWE-200
4.7
2016-06-24 CVE-2016-5435 Resource Management Errors vulnerability in Huawei Firmware V5500R001C00
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet.
network
high complexity
huawei CWE-399
5.9
2016-06-24 CVE-2016-5021 Information Exposure vulnerability in F5 products
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
network
low complexity
f5 CWE-200
4.9