Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.2%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.9%.
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%.
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.8%.
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Unspecified vulnerability in SAP Payroll Process allows remote attackers to cause a denial of service via vectors related to session handling. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.