Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-12 | CVE-2015-5471 | Path Traversal vulnerability in Swim Team Project Swim Team 1.44.10777 Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | 5.3 |
| 2016-01-12 | CVE-2015-4703 | Path Traversal vulnerability in Rename Project Rename 1.0 Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | 5.3 |
| 2016-01-12 | CVE-2015-4671 | Cross-site Scripting vulnerability in Opencart Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | 6.1 |
| 2016-01-11 | CVE-2015-8335 | Information Exposure vulnerability in Huawei Vcn500 V100R002C00Spc200/V100R002C00Spc200B010 Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | 6.5 |
| 2016-01-11 | CVE-2015-7706 | Cross-site Scripting vulnerability in Ssp-Europe Secure Data Space 3.4.14 Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to api/v3/auth/reset_password. | 6.1 |
| 2016-01-11 | CVE-2015-7399 | Information Exposure vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. | 5.3 |
| 2016-01-11 | CVE-2015-7024 | Unspecified vulnerability in Apple mac OS X Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | 6.7 |
| 2016-01-10 | CVE-2015-7116 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Tvos libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | 4.3 |
| 2016-01-10 | CVE-2015-7115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | 4.3 |
| 2016-01-09 | CVE-2015-8512 | Improper Access Control vulnerability in Mozilla Firefox OS The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | 4.6 |