Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.