Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-18 | CVE-2016-7101 | Out-of-bounds Read vulnerability in Imagemagick The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | 6.5 |
| 2017-01-18 | CVE-2015-8684 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | 6.1 |
| 2017-01-18 | CVE-2015-8667 | Cross-site Scripting vulnerability in Exponentcms Exponent CMS Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | 6.1 |
| 2017-01-18 | CVE-2014-9913 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unzip Project Unzip 6.0 Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. | 4.0 |
| 2017-01-17 | CVE-2017-5516 | Cross-site Scripting vulnerability in Metalgenix Genixcms Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | 6.1 |
| 2017-01-17 | CVE-2017-5515 | Cross-site Scripting vulnerability in Metalgenix Genixcms Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | 5.4 |
| 2017-01-16 | CVE-2017-5223 | Information Exposure vulnerability in PHPmailer Project PHPmailer An issue was discovered in PHPMailer before 5.2.22. | 5.5 |
| 2017-01-15 | CVE-2017-5494 | Cross-site Scripting vulnerability in B2Evolution Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame. | 5.4 |
| 2017-01-15 | CVE-2017-5491 | Insecure Default Initialization of Resource vulnerability in Wordpress wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | 5.3 |
| 2017-01-15 | CVE-2017-5490 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php. | 6.1 |