The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.