Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse. Rated medium severity (CVSS 6.7). Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.
Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.0). Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.