Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-06 | CVE-2015-1000008 | Information Exposure vulnerability in Mp3-Jplayer Project Mp3-Jplayer 2.3.2 Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | 5.3 |
| 2016-10-06 | CVE-2015-1000004 | Cross-site Scripting vulnerability in Filedownload Project Filedownload 1.4 XSS in filedownload v1.4 wordpress plugin | 6.1 |
| 2016-10-06 | CVE-2016-6436 | Cross-site Scripting vulnerability in Cisco Hostscan Engine Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682. | 6.1 |
| 2016-10-06 | CVE-2016-6435 | Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.0.1 The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | 6.5 |
| 2016-10-06 | CVE-2016-6425 | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. | 6.1 |
| 2016-10-06 | CVE-2016-6424 | Resource Management Errors vulnerability in Cisco Adaptive Security Appliance Software 8.4.7.29/9.1(7)4 The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. | 6.5 |
| 2016-10-06 | CVE-2016-6027 | Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP. | 6.1 |
| 2016-10-06 | CVE-2016-6026 | Information Exposure vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST. | 5.3 |
| 2016-10-06 | CVE-2016-6025 | Permissions, Privileges, and Access Controls vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0 The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL. | 5.9 |
| 2016-10-06 | CVE-2016-1454 | Improper Input Validation vulnerability in Cisco Nx-Os Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417. | 6.5 |