Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 30.7%.
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.
SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.