Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-30 | CVE-2015-8703 | Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | 6.5 |
| 2015-12-30 | CVE-2015-7794 | Improper Input Validation vulnerability in Corega Cg-Wlncm4G Firmware Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | 5.8 |
| 2015-12-30 | CVE-2015-7793 | Code vulnerability in Corega Cg-Wlbaragm Firmware Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. | 5.8 |
| 2015-12-30 | CVE-2015-7790 | Cross-site Scripting vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2015-12-30 | CVE-2015-7789 | Improper Input Validation vulnerability in Asus Wl-330Nul and Wl-33Nul Firmware ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. | 4.3 |
| 2015-12-30 | CVE-2015-7787 | Information Exposure vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | 4.3 |
| 2015-12-30 | CVE-2015-7784 | SQL Injection vulnerability in Bokublock Bbadminviewscontrol and Bbadminviewscontrol213 SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 4.3 |
| 2015-12-30 | CVE-2015-7782 | Cross-site Scripting vulnerability in Let'S PHP! Frame High-Speed Chat Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2015-12-30 | CVE-2015-7252 | Cross-site Scripting vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. | 6.1 |
| 2015-12-30 | CVE-2015-7249 | Permissions, Privileges, and Access Controls vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. | 4.9 |