Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.
The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.