Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.
Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.