Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2016-8925 Information Exposure vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system.
network
low complexity
ibm CWE-200
6.5
2017-04-14 CVE-2017-7457 XXE vulnerability in Moxa Mx-Aopc Server 1.5
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
local
low complexity
moxa CWE-611
5.0
2017-04-14 CVE-2017-7217 Improper Input Validation vulnerability in Paloaltonetworks Pan-Os
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
network
low complexity
paloaltonetworks CWE-20
4.3
2017-04-13 CVE-2016-8725 Information Exposure vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1.
network
low complexity
moxa CWE-200
5.3
2017-04-13 CVE-2016-8724 Information Exposure vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network
low complexity
moxa CWE-200
5.3
2017-04-13 CVE-2016-8722 Information Exposure vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client.
network
low complexity
moxa CWE-200
5.3
2017-04-13 CVE-2016-8720 Injection vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network
low complexity
moxa CWE-74
4.3
2017-04-13 CVE-2017-7725 Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.1.0
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings.
network
low complexity
concretecms CWE-79
6.1
2017-04-13 CVE-2015-8345 Resource Management Errors vulnerability in multiple products
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
local
low complexity
qemu debian CWE-399
6.5
2017-04-13 CVE-2014-3887 Cross-site Scripting vulnerability in Iodata Rockdisk Firmware
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
iodata CWE-79
5.4