The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.5%.
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.