Skip to main content
CVE-2016-5312 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.0%.

Path Traversal Messaging Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
40.0%
Threat
4.0
CVE-2016-5309 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Information Disclosure Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2016-5310 MEDIUM POC This Month

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Microsoft Denial Of Service Symantec Data Center Security Server +14
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
8.0%
CVE-2017-7871 MEDIUM POC PATCH This Month

trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Tdm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7188 MEDIUM POC This Month

Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zurmo Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2017-7457 MEDIUM POC This Month

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Mx Aopc Server
NVD Exploit-DB
CVSS 3.0
5.0
EPSS
0.5%
CVE-2016-8925 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-4875 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Assist Plugin Databox Plugin Userbox Plugin
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-4890 MEDIUM This Month

ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Servicedesk Plus
NVD
CVSS 3.0
5.3
EPSS
3.0%
CVE-2016-4888 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho Servicedesk Plus
NVD
CVSS 3.0
5.4
EPSS
2.4%
CVE-2016-8927 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-7060 MEDIUM This Month

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-7217 MEDIUM This Month

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-8926 MEDIUM PATCH This Month

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Application Dependency Discovery Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-1152 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy