The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.
Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in OpenStack Keystone. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.9 and 4.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) file name to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by. Rated low severity (CVSS 1.9). No vendor patch available.