Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 89.7%.
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.6%.
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via. Rated medium severity (CVSS 4.9).
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.