Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.9%.
Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows remote FTP servers to execute arbitrary code via a crafted directory name in a CWD command reply. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.