Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2110 Improper Certificate Validation vulnerability in Nissan Securities Access CX
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
nissan-securities CWE-295
5.9
2017-04-28 CVE-2017-2106 Cross-site Scripting vulnerability in Webmin
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
webmin CWE-79
6.1
2017-04-28 CVE-2017-2105 Information Exposure vulnerability in Presentcast INC Tver 3.2.7
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
presentcast-inc CWE-200
5.9
2017-04-28 CVE-2017-2104 Information Exposure vulnerability in K-Opticom Corporation Business Lala Call 1.4.7
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
k-opticom-corporation CWE-200
5.9
2017-04-28 CVE-2017-2103 Information Exposure vulnerability in K-Opticom Corporation Lala Call 2.4.7
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
k-opticom-corporation CWE-200
5.9
2017-04-28 CVE-2017-2100 Improper Input Validation vulnerability in IPA Appgoat 3.0.0/3.0.1
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
network
low complexity
ipa CWE-20
6.3
2017-04-28 CVE-2017-2099 Unspecified vulnerability in IPA Appgoat 3.0.0
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.
network
low complexity
ipa
6.3
2017-04-28 CVE-2017-2098 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
cubecart CWE-22
6.5
2017-04-28 CVE-2017-2095 Unspecified vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
network
low complexity
cybozu
4.3
2017-04-28 CVE-2017-2094 Improper Privilege Management vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
network
low complexity
cybozu CWE-269
4.3