contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.