Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2010-1776 7PK - Security Features vulnerability in Apple iPhone OS
Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.
network
high complexity
apple CWE-254
4.8
2017-04-24 CVE-2017-8104 Path Traversal vulnerability in MyBB
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
network
low complexity
mybb CWE-22
5.3
2017-04-24 CVE-2017-8103 Cross-site Scripting vulnerability in MyBB
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
network
low complexity
mybb CWE-79
6.1
2017-04-24 CVE-2017-8102 Cross-site Scripting vulnerability in S9Y Serendipity 2.1
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user.
network
low complexity
s9y CWE-79
5.4
2017-04-24 CVE-2017-8100 Cross-Site Request Forgery (CSRF) vulnerability in ArtistScope CopySafe Web Protection
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
network
low complexity
artistscope CWE-352
6.5
2017-04-24 CVE-2017-8098 Cross-Site Request Forgery (CSRF) vulnerability in e107 2.1.4
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing.
network
low complexity
e107 CWE-352
6.5
2017-04-24 CVE-2017-7723 Cross-site Scripting vulnerability in Wp-Ecommerce Easy WP SMTP
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
network
low complexity
wp-ecommerce CWE-79
6.1
2017-04-24 CVE-2017-5191 Cross-site Scripting vulnerability in NetIQ Access Manager 4.2/4.3
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
network
low complexity
netiq CWE-79
6.1
2017-04-24 CVE-2017-2322 Resource Exhaustion vulnerability in Juniper NorthStar Controller 2.1.0
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
local
low complexity
juniper CWE-400
5.5
2017-04-24 CVE-2016-3114 Permissions, Privileges, and Access Controls vulnerability in Kallithea 0.3.1
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
network
low complexity
kallithea CWE-264
6.5