Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and PHP WeblogSystem allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.