Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.