In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted;. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.