Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-28 | CVE-2017-2110 | Improper Certificate Validation vulnerability in Nissan Securities Access CX The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2106 | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2017-04-28 | CVE-2017-2105 | Information Exposure vulnerability in Presentcast INC Tver 3.2.7 The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2104 | Information Exposure vulnerability in K-Opticom Corporation Business Lala Call 1.4.7 The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2103 | Information Exposure vulnerability in K-Opticom Corporation Lala Call 2.4.7 The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-04-28 | CVE-2017-2100 | Improper Input Validation vulnerability in IPA Appgoat 3.0.0/3.0.1 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | 6.3 |
2017-04-28 | CVE-2017-2099 | Unspecified vulnerability in IPA Appgoat 3.0.0 Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | 6.3 |
2017-04-28 | CVE-2017-2098 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 6.5 |
2017-04-28 | CVE-2017-2095 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | 4.3 |
2017-04-28 | CVE-2017-2094 | Improper Privilege Management vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | 4.3 |