Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 15.0% and no vendor patch available.
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.