'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 58.3% and no vendor patch available.
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.