Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.