Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-12 | CVE-2016-2073 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | 6.5 |
| 2016-02-12 | CVE-2016-1324 | Permissions, Privileges, and Access Controls vulnerability in Cisco Spark 201506Base The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | 5.3 |
| 2016-02-12 | CVE-2016-1323 | Information Exposure vulnerability in Cisco Spark 201506Base The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | 4.3 |
| 2016-02-12 | CVE-2016-1320 | OS Command Injection vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5 The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | 6.7 |
| 2016-02-12 | CVE-2016-0882 | Unspecified vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.4 |
| 2016-02-12 | CVE-2016-0881 | Injection vulnerability in EMC Documentum XCP 2.1/2.2 EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | 6.5 |
| 2016-02-10 | CVE-2016-0955 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0 Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | 6.1 |
| 2016-02-10 | CVE-2016-0950 | 7PK - Security Features vulnerability in Adobe Connect Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | 5.3 |
| 2016-02-10 | CVE-2015-7680 | Information Exposure vulnerability in Ipswitch Moveit DMZ 8.1 Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx. | 5.3 |
| 2016-02-10 | CVE-2015-7679 | Cross-site Scripting vulnerability in Ipswitch Moveit Mobile 1.2.0.962 Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | 6.1 |