radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.