| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. |
| InfoSphere Guardium aix_ktap module: DoS |
| IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager. |
| IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041. |
| IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. |
| A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys. |
| A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. |
| ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entire server from client interface. |
| A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal. |
| Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal. |
| PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. |
| HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information |
| A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. |
| EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. |
| XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. |
| Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal. |
| A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. |
| A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. |
