vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service (application crash) via a crafted (a) web. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Rated medium severity (CVSS 4.7).