Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of. Rated medium severity (CVSS 6.9). No vendor patch available.
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.