Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-01-18 | CVE-2016-7101 | Out-of-bounds Read vulnerability in ImageMagick | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | network | low | imagemagick | CWE-125 | 6.5 |
| 2017-01-18 | CVE-2015-8684 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | network | low | exponentcms | CWE-79 | 6.1 |
| 2017-01-18 | CVE-2015-8667 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | network | low | exponentcms | CWE-79 | 6.1 |
| 2017-01-18 | CVE-2014-9913 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in UnZip Project UnZip 6.0 | Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | local | low | unzip-project | CWE-119 | 4.0 |
| 2017-01-17 | CVE-2017-5516 | Cross-site Scripting vulnerability in Metalgenix GeniXCMS | Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | network | low | metalgenix | CWE-79 | 6.1 |
| 2017-01-17 | CVE-2017-5515 | Cross-site Scripting vulnerability in Metalgenix GeniXCMS | Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | network | low | metalgenix | CWE-79 | 5.4 |
| 2017-01-16 | CVE-2017-5223 | Information Exposure vulnerability in PHPMailer Project PHPMailer | An issue was discovered in PHPMailer before 5.2.22. | local | low | phpmailer-project | CWE-200 | 5.5 |
| 2017-01-15 | CVE-2017-5494 | Cross-site Scripting vulnerability in b2evolution | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | network | low | b2evolution | CWE-79 | 5.4 |
| 2017-01-15 | CVE-2017-5491 | Insecure Default Initialization of Resource vulnerability in WordPress | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | network | low | wordpress | CWE-1188 | 5.3 |
| 2017-01-15 | CVE-2017-5490 | Cross-site Scripting vulnerability in WordPress | Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | network | low | wordpress | CWE-79 | 6.1 |