Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-17 CVE-2017-4016 Information Exposure vulnerability in McAfee Network Data Loss Prevention 9.3.0
Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.
network
low complexity
mcafee CWE-200
5.3
2017-05-17 CVE-2017-4015 Improper Restriction of Rendered UI Layers or Frames vulnerability in McAfee Network Data Loss Prevention 9.3.0
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.
network
low complexity
mcafee CWE-1021
4.5
2017-05-17 CVE-2017-4013 Information Exposure vulnerability in McAfee Network Data Loss Prevention 9.3.0
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.
network
low complexity
mcafee CWE-200
5.3
2017-05-17 CVE-2017-4012 Unspecified vulnerability in McAfee Network Data Loss Prevention 9.3.0
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.
network
low complexity
mcafee
6.5
2017-05-17 CVE-2017-4011 Cross-site Scripting vulnerability in McAfee Network Data Loss Prevention 9.3.0
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.
network
low complexity
mcafee CWE-79
6.1
2017-05-17 CVE-2016-10374 Link Following vulnerability in Perltidy Project Perltidy
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
local
low complexity
perltidy-project CWE-59
5.5
2017-05-17 CVE-2015-4070 Open Redirect vulnerability in WOW NEW Media WOW Moodboard Lite 1.1.1
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
network
low complexity
wow-new-media CWE-601
6.1
2017-05-17 CVE-2015-3998 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.
6.1
2017-05-17 CVE-2017-9025 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HooToo Trip Mate 6 Firmware 2.000.030
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
network
low complexity
hootoo CWE-119
6.5
2017-05-16 CVE-2017-7488 Information Exposure vulnerability in Authconfig Project Authconfig 6.2.8
Authconfig version 6.2.8 is vulnerable to an information exposure while using SSSD to authenticate against a remote server, resulting in the leak of information about existing usernames.
network
low complexity
authconfig-project CWE-200
4.3