Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-08 CVE-2017-0891 Cross-site Scripting vulnerability in Nextcloud Server
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
network
low complexity
nextcloud CWE-79
5.4
2017-05-08 CVE-2017-0890 Cross-site Scripting vulnerability in Nextcloud Server
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module.
network
low complexity
nextcloud CWE-79
5.4
2017-05-08 CVE-2017-8848 Cross-Site Request Forgery (CSRF) vulnerability in Allen Disk Project Allen Disk 1.6
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
network
low complexity
allen-disk-project CWE-352
6.5
2017-05-08 CVE-2017-8847 NULL Pointer Dereference vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-476
5.5
2017-05-08 CVE-2017-8846 Use After Free vulnerability in multiple products
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
local
low complexity
long-range-zip-project debian CWE-416
5.5
2017-05-08 CVE-2017-8845 Out-of-bounds Read vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-125
5.5
2017-05-08 CVE-2017-8843 NULL Pointer Dereference vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-476
5.5
2017-05-08 CVE-2017-8842 Divide By Zero vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-369
5.5
2017-05-08 CVE-2017-8833 Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php.
network
low complexity
zen-cart CWE-79
6.1
2017-05-08 CVE-2017-8832 Cross-site Scripting vulnerability in Allen Disk Project Allen Disk 1.6
Allen Disk 1.6 has XSS in the id parameter to downfile.php.
network
low complexity
allen-disk-project CWE-79
6.1