Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive. Rated medium severity (CVSS 4.3). No vendor patch available.
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.