Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.