Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.8%.
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 31.7%.
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.7% and no vendor patch available.
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.