The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.