Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2093 | Information Exposure vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 4.3 |
| 2017-04-28 | CVE-2017-2092 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2091 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | 4.3 |
| 2017-04-28 | CVE-2017-2090 | Path Traversal vulnerability in Cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2017-04-28 | CVE-2016-7843 | Path Traversal vulnerability in Hibara Software products Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | 5.5 |
| 2017-04-28 | CVE-2016-7842 | Path Traversal vulnerability in Hibara Attachecase Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | 5.5 |
| 2017-04-28 | CVE-2016-7841 | Cross-site Scripting vulnerability in Olive Design Olive Diary DX Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |
| 2017-04-28 | CVE-2016-7840 | Cross-site Scripting vulnerability in Olive Design Olive Blog Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 6.1 |
| 2017-04-28 | CVE-2016-7839 | Cross-site Scripting vulnerability in Olive Design Olive Blog Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 6.1 |
| 2017-04-28 | CVE-2016-7815 | Improper Certificate Validation vulnerability in Cybozu Remote Service Manager Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | 4.2 |