Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.