The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.