Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-6336 Improper Access Control vulnerability in Mediawiki
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
network
low complexity
mediawiki CWE-284
6.5
6.5
2017-04-20 CVE-2016-6334 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
network
low complexity
mediawiki CWE-79
6.1
6.1
2017-04-20 CVE-2016-6333 Cross-site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
network
low complexity
mediawiki CWE-79
6.1
6.1
2017-04-20 CVE-2016-5761 Cross-site Scripting vulnerability in Novell Groupwise
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
network
low complexity
novell CWE-79
6.1
6.1
2017-04-20 CVE-2016-5760 Cross-site Scripting vulnerability in Novell Groupwise
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
network
low complexity
novell CWE-79
6.1
6.1
2017-04-20 CVE-2016-4849 Cross-site Scripting vulnerability in Geeklog Project Geeklog 2.1.1
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.
network
low complexity
geeklog-project CWE-79
6.1
6.1
2017-04-20 CVE-2016-4847 Cross-site Scripting vulnerability in Ossec web UI 0.3/0.8
Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex.
network
low complexity
ossec CWE-79
6.1
6.1
2017-04-20 CVE-2017-7982 Integer Overflow or Wraparound vulnerability in Libimobiledevice Libplist
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
local
low complexity
libimobiledevice CWE-190
5.5
5.5
2017-04-20 CVE-2017-7282 Information Exposure vulnerability in Unitrends Enterprise Backup 7.3.0/8.2.08/9.1
An issue was discovered in Unitrends Enterprise Backup before 9.1.1.
local
low complexity
unitrends CWE-200
5.5
5.5
2017-04-19 CVE-2017-7962 Divide By Zero vulnerability in Entropymine Imageworsener 1.3.0
The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
local
low complexity
entropymine CWE-369
5.5
5.5