Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-17 | CVE-2016-10374 | Link Following vulnerability in Perltidy Project Perltidy perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. | 5.5 |
2017-05-17 | CVE-2015-4070 | Open Redirect vulnerability in WOW NEW Media WOW Moodboard Lite 1.1.1 Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 6.1 |
2017-05-17 | CVE-2015-3998 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. | 6.1 |
2017-05-17 | CVE-2017-9025 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hootoo Trip Mate 6 Firmware 2.000.030 Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header. | 6.5 |
2017-05-16 | CVE-2017-7488 | Information Exposure vulnerability in Authconfig Project Authconfig 6.2.8 Authconfig version 6.2.8 is vulnerable to an information exposure while using SSSD to authenticate against a remote server, resulting in the leak of information about existing usernames. | 4.3 |
2017-05-16 | CVE-2015-9001 | Information Exposure vulnerability in Google Android In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | 5.5 |
2017-05-16 | CVE-2017-8382 | Cross-Site Request Forgery (CSRF) vulnerability in Admidio 3.2.8 admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. | 4.5 |
2017-05-16 | CVE-2017-7953 | Cross-site Scripting vulnerability in Infor Enterprise Asset Management 11.0 INFOR EAM V11.0 Build 201410 has XSS via comment fields. | 5.4 |
2017-05-15 | CVE-2016-9750 | Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0 IBM QRadar 7.2 and 7.3 stores user credentials in clear text, which can be read by an authenticated user. | 6.5 |
2017-05-15 | CVE-2016-9735 | Information Exposure vulnerability in IBM products IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. | 4.3 |