Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-04-24 | CVE-2017-3288 | Unspecified vulnerability in Oracle Flexcube Investor Servicing | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). | network | low complexity | oracle | | 5.4 |
| 2017-04-24 | CVE-2017-3232 | Unspecified vulnerability in Oracle Automatic Service Request | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | local | low complexity | oracle | | 5.5 |
| 2017-04-24 | CVE-2016-5016 | Improper Certificate Validation vulnerability in Pivotal Software products | Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 do not validate if a certificate is expired. | network | high complexity | pivotal-software | CWE-295 | 5.9 |
| 2017-04-24 | CVE-2010-1776 | 7PK - Security Features vulnerability in Apple iPhone OS | Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | network | high complexity | apple | CWE-254 | 4.8 |
| 2017-04-24 | CVE-2017-8104 | Path Traversal vulnerability in MyBB | In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | network | low complexity | mybb | CWE-22 | 5.3 |
| 2017-04-24 | CVE-2017-8103 | Cross-site Scripting vulnerability in MyBB | In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. | network | low complexity | mybb | CWE-79 | 6.1 |
| 2017-04-24 | CVE-2017-8102 | Cross-site Scripting vulnerability in S9Y Serendipity 2.1 | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. | network | low complexity | s9y | CWE-79 | 5.4 |
| 2017-04-24 | CVE-2017-8100 | Cross-Site Request Forgery (CSRF) vulnerability in ArtistScope CopySafe Web Protection | There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings. | network | low complexity | artistscope | CWE-352 | 6.5 |
| 2017-04-24 | CVE-2017-8098 | Cross-Site Request Forgery (CSRF) vulnerability in e107 2.1.4 | e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. | network | low complexity | e107 | CWE-352 | 6.5 |
| 2017-04-24 | CVE-2017-7723 | Cross-site Scripting vulnerability in Wp-Ecommerce Easy WP SMTP | XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | network | low complexity | wp-ecommerce | CWE-79 | 6.1 |