The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special. Rated medium severity (CVSS 4.4). Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.