Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2015-12-27 CVE-2015-6005 Cross-site Scripting vulnerability in Progress Whatsup Gold
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.
network
low complexity
progress CWE-79
6.9
2015-12-27 CVE-2015-6004 SQL Injection vulnerability in Progress Whatsup Gold
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
network
low complexity
progress CWE-89
6.5
2015-12-26 CVE-2015-8669 Information Exposure vulnerability in PHPmyadmin
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
network
low complexity
phpmyadmin CWE-200
5.3
2015-12-26 CVE-2015-6409 Information Exposure vulnerability in Cisco Jabber 10.6(2)
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
network
high complexity
cisco CWE-200
5.9
2015-12-23 CVE-2015-7929 Information Exposure vulnerability in Ewon Firmware 10.0S0
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
network
low complexity
ewon CWE-200
4.3
2015-12-23 CVE-2015-7927 Cross-site Scripting vulnerability in Ewon Firmware 10.0S0
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ewon CWE-79
6.1
2015-12-23 CVE-2015-6851 Improper Access Control vulnerability in RSA Securid web Agent
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
local
high complexity
rsa CWE-284
6.7
2015-12-23 CVE-2015-6471 Information Exposure vulnerability in Eaton Proview
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.
network
low complexity
eaton CWE-200
5.3
2015-12-23 CVE-2015-6431 Resource Management Errors vulnerability in Cisco IOS XE 16.1.1
Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.
low complexity
cisco CWE-399
6.5
2015-12-22 CVE-2015-8373 Improper Input Validation vulnerability in ISC KEA 0.9.2/1.0.0
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.
network
high complexity
isc CWE-20
6.8