Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2093 Information Exposure vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
network
low complexity
cybozu CWE-200
4.3
2017-04-28 CVE-2017-2092 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
2017-04-28 CVE-2017-2091 Unspecified vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
network
low complexity
cybozu
4.3
2017-04-28 CVE-2017-2090 Path Traversal vulnerability in Cubecart
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
cubecart CWE-22
6.5
2017-04-28 CVE-2016-7843 Path Traversal vulnerability in Hibara Software products
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
local
low complexity
hibara-software CWE-22
5.5
2017-04-28 CVE-2016-7842 Path Traversal vulnerability in Hibara Attachecase
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
local
low complexity
hibara CWE-22
5.5
2017-04-28 CVE-2016-7841 Cross-site Scripting vulnerability in Olive Design Olive Diary DX
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
low complexity
olive-design CWE-79
6.1
2017-04-28 CVE-2016-7840 Cross-site Scripting vulnerability in Olive Design Olive Blog
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter.
network
low complexity
olive-design CWE-79
6.1
2017-04-28 CVE-2016-7839 Cross-site Scripting vulnerability in Olive Design Olive Blog
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.
network
low complexity
olive-design CWE-79
6.1
2017-04-28 CVE-2016-7815 Improper Certificate Validation vulnerability in Cybozu Remote Service Manager
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
network
high complexity
cybozu CWE-295
4.2