Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-02-17 CVE-2015-8484 Permissions, Privileges, and Access Controls vulnerability in Cybozu Office
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
network
low complexity
cybozu CWE-264
5.4
2016-02-17 CVE-2015-7798 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
network
low complexity
cybozu CWE-79
6.1
2016-02-17 CVE-2015-7797 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
network
low complexity
cybozu CWE-79
6.1
2016-02-17 CVE-2015-7796 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
network
low complexity
cybozu CWE-79
6.1
2016-02-17 CVE-2015-7795 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
network
low complexity
cybozu CWE-79
6.1
2016-02-16 CVE-2016-2388 Information Exposure vulnerability in SAP Netweaver Application Server Java
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
network
low complexity
sap CWE-200
5.3
2016-02-16 CVE-2016-2387 Cross-site Scripting vulnerability in SAP Netweaver 7.40
Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571.
network
low complexity
sap CWE-79
6.1
2016-02-16 CVE-2016-0753 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
network
low complexity
rubyonrails debian fedoraproject opensuse
5.3
2016-02-16 CVE-2015-7580 Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
network
low complexity
rubyonrails CWE-79
6.1
2016-02-16 CVE-2015-7579 Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
network
low complexity
rubyonrails CWE-79
6.1