The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.2%.
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of a Shockwave Player 10.4.0.025 compatibility feature via a crafted HTML document that references Shockwave. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Adobe Shockwave Player through 11.6.8.638 allows remote attackers to trigger installation of arbitrary signed Xtras via a Shockwave movie that contains an Xtra URL, as demonstrated by a URL for an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
The Service Processor in the IBM Power 5 91##-### and 940#-### before SF240_418_382 does not ensure that firewall code is executed, which allows remote attackers to execute arbitrary code via. Rated high severity (CVSS 7.9). No vendor patch available.
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.