The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.
Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.