Vulnerability Index: Year 2013

System Drawing Information Disclosure Vulnerability
WinForms Buffer Overflow Vulnerability
S.DS.P Buffer Overflow Vulnerability
Double Construction Vulnerability in Microsoft .NET Framework
Replace Denial of Service Vulnerability
MSXML Integer Truncation Vulnerability
MSXML XSLT Vulnerability
Win32k Improper Message Handling Vulnerability
System Center Operations Manager Web Console XSS Vulnerability
System Center Operations Manager Web Console XSS Vulnerability
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
Shift JIS Character Encoding Vulnerability in Microsoft Internet Explorer 6-9
Internet Explorer SetCapture Use After Free Vulnerability
Internet Explorer COmWindowProxy Use After Free Vulnerability
Internet Explorer 9 Use-After-Free Vulnerability
Internet Explorer vtable Use After Free Vulnerability
Internet Explorer LsGetTrailInfo Use After Free Vulnerability
Internet Explorer CDispNode Use After Free Vulnerability
Internet Explorer pasteHTML Use After Free Vulnerability
Internet Explorer SLayoutRun Use After Free Vulnerability
Internet Explorer InsertElement Use After Free Vulnerability
Internet Explorer CPasteCommand Use After Free Vulnerability
Internet Explorer CObjectElement Use After Free Vulnerability
Internet Explorer CHTML Use After Free Vulnerability
VML Memory Corruption Vulnerability
WinForms Callback Elevation Vulnerability
Silverlight Double Dereference Vulnerability
TCP FIN WAIT Vulnerability
Reference Count Vulnerability in Microsoft Windows Server 2008 R2 and Windows 7
Media Decompression Vulnerability in Quartz.dll
Microsoft Antimalware Client Privilege Escalation Vulnerability
Visio Viewer Tree Object Type Confusion Vulnerability
Callback Function Vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1
SharePoint Denial of Service Vulnerability
WPD File Format Memory Corruption Vulnerability in Microsoft Office 2003 and 2007 SP3
SharePoint Server 2010 SP1 Cross-Site Scripting (XSS) Vulnerability
SharePoint Directory Traversal Vulnerability
Remote Denial of Service in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 via Crafted URL
Buffer Size Validation Vulnerability in Microsoft OneNote 2010 SP1
Internet Explorer OnResize Use After Free Vulnerability
Internet Explorer saveHistory Use After Free Vulnerability
Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability
Internet Explorer CCaret Use After Free Vulnerability
Internet Explorer CElement Use After Free Vulnerability
Internet Explorer GetMarkupPtr Use After Free Vulnerability
Internet Explorer Use-After-Free Vulnerability
Internet Explorer removeChild Use After Free Vulnerability
Unintended Content Loading Vulnerability in Microsoft Office for Mac 2008 and 2011
Windows Essentials Writer Remote File Overwrite Vulnerability
Remote Code Execution Vulnerability in Foxit Advanced PDF Editor 3 before 3.04
Arbitrary Code Execution Vulnerability in Honeywell Enterprise Buildings Integrator (EBI) and SymmetrE
Privilege Escalation and Denial of Service Vulnerability in NVIDIA Display Driver Service
Privilege Escalation Vulnerability in NVIDIA Stereoscopic 3D Driver Service
Privilege Escalation Vulnerability in NVIDIA Update Service Daemon
Remote Code Execution and Memory Corruption Vulnerability in Nuance PDF Reader and PDF Viewer Plus
CS-Cart PayPal Standard Payments Remote Payment Recipient Manipulation Vulnerability
Denial of Service Vulnerability in Dell PowerConnect 6248P Switches
Denial of Service Vulnerability in avast! Mobile Security Application
Multiple SQL Injection Vulnerabilities in ASKIA askiaweb Administration Interface
Multiple Cross-Site Scripting (XSS) Vulnerabilities in ASKIA askiaweb Administration Interface
Arbitrary Web Script Injection Vulnerability in C2 WebResource's fileview.asp
CSRF Vulnerabilities in Verizon FIOS Actiontec MI424WR-GEN3I Router Firmware 40.19.36
Vulnerability: Unrestricted Java Code Execution and X-Confirm-Reading-To Bypass in IBM Lotus Notes
Unencrypted Credentials Leak in TigerText Free Private Texting App
Cross-Site Scripting (XSS) Vulnerabilities in pd-admin before 4.17
Buffer Overflow Vulnerabilities in Core FTP: Remote Code Execution and Denial of Service
Buffer Overflow Vulnerability in NVIDIA GPU Driver
Arbitrary PHP Code Execution Vulnerability in Parallels Plesk Panel 11.0.9
Untrusted Search Path Vulnerability in Parallels Plesk Panel 11.0.9
AirDroid Web Interface Cross-Site Scripting (XSS) Vulnerability
Multiple SQL Injection Vulnerabilities in PHP Address Book 8.2.5
Multiple Directory Traversal Vulnerabilities in Mutiny Frontend's EditDocument Servlet
Default SSH Private Key Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices
Remote Code Execution and Denial of Service Vulnerability in BitZipper 2013 (pre-Update 1)
Denial of Service Vulnerability in Arecont Vision AV1355DN MegaDome Camera
SQL Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Agent-Handler Component
Arbitrary File Upload Vulnerability in McAfee ePolicy Orchestrator (ePO)
Hardcoded Guest Account Vulnerability in QNAP VioStor NVR Devices
Arbitrary Command Execution Vulnerability in QNAP VioStor NVR Devices and Surveillance Station Pro
CSRF Vulnerability in QNAP VioStor NVR Devices Allows Unauthorized Creation of Administrative Accounts
Buffer Overflow Vulnerability in Serva32 2.1.0 TFTPD Service
Insecure Data Access in FairCom c-treeACE: Exploiting the Data Camouflage Vulnerability
Vulnerability: OSPF LSA Type 1 Packet Validation Bypass
Arbitrary File Upload and Execution Vulnerability in F5 BIG-IP APM and FirePass
Denial of Service Vulnerability in Xen 4.2.x on x86_32 Platform with Nested Virtualization Support
Denial of Service Vulnerability in Xen 4.2 and Unstable due to Improper Handling of Nested Virtualization
AMD IOMMU Vulnerability: Interrupt Injection Denial of Service in Xen
Denial of Service Vulnerability in Xen 4.2 with Debugging Enabled
Vulnerability in Ruby on Rails allows bypassing database-query restrictions
Object-injection vulnerability in active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11
Directory Existence Disclosure Vulnerability in mount and umount
Unspecified vulnerability in Jenkins allows remote attackers to obtain master cryptographic key
Symlink Attack Vulnerability in Fedora Business Cards Package
Timing Information Disclosure Vulnerability in Linux Kernel
Havalite CMS 1.1.7 Stored XSS Vulnerability
Symlink Attack Vulnerability in Ruby Parser Gem
Predictable /tmp Directory in OpenShift HAProxy Cartridge: Potential DoS Vulnerability
Arbitrary File Overwrite Vulnerability in Red Hat OpenShift Origin
Improper File Creation Vulnerability in OpenShift MongoDB Cartridge
Vulnerability: Improper Signature Verification in OpenSSL OCSP Responses
Vulnerability: Host Unavailability in Red Hat Enterprise Virtualization 3 and 3.2
Improper Permission Check in MoveDisk Command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and Earlier
Lucky Thirteen: Timing Side-Channel Attacks on TLS and DTLS Protocols
Use-after-free vulnerability in virNetMessageFree function in libvirt
Arbitrary Code Execution Vulnerability in Foreman before 1.1 via Crafted YAML Object
Samba 4.0.x LDAP ObjectClass Access Control Bypass Vulnerability
Weak Root Password Hashing in Foreman 1.1
Foreman External Node Classifier (ENC) API Password Hash Disclosure Vulnerability
Object Injection and Denial of Service Vulnerability in multi_xml Gem
Denial of Service Vulnerability in libssh's publickey_from_privatekey Function
Cross-Site Scripting (XSS) Vulnerabilities in Apache OFBiz Widget/Screen/ModelScreenWidget.java
Insecure Temporary File Vulnerability in Redis
Buffer Over-read Vulnerability in memcached 1.4.4 and earlier versions
Redis 2.6 Insecure Temporary File Vulnerability: Exploiting /tmp/redis.ds
Arbitrary Script Injection in Search API Views
Arbitrary Payment Access Vulnerability in Drupal Payment Module
Denial of Service Vulnerability in Rack's Multipart Parser
Denial of Service Vulnerability in Rack::Auth::AbstractRequest
CSRF Vulnerability in ManageIQ Enterprise Virtualization Manager (EVM)
ManageIQ EVM Multiple Cross-Site Scripting (XSS) Vulnerabilities
Privilege Escalation via XMLHttpRequest and AJAX Requests in Foreman before 1.1
Denial of Service Vulnerability in cachemgr.cgi in Squid 3.1.x and 3.2.x
Denial of Service Vulnerability in Xen for Linux Kernel 2.6.23 and Earlier Versions
Authentication Bypass Vulnerability in libpam-pgsql (pam_pgsql) 0.7
File Disclosure Vulnerability in SMF (SimpleMachines Forum) <= 2.0.3: Unauthorized Access to Database Configuration and Other Files
Unspecified Cross-Site Scripting (XSS) Vulnerability in Piwik before 1.10.1
Unspecified Cross-Site Scripting (XSS) Vulnerability in Piwik before 1.10.1
Unspecified Cross-Site Scripting (XSS) Vulnerability in Piwik before 1.10.1
OpenShift Enterprise 1.2 CSRF Vulnerability in Web Console and REST API
Arbitrary Script Injection in MantisBT 1.2.12
Denial of Service Vulnerability in Dnsmasq
Unrestricted Access to Cross-Realm Kerberos Trust Key in FreeIPA 3.0
Arbitrary File Overwrite Vulnerability in HP Linux Imaging and Printing (HPLIP)
Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 4.5.5 and Earlier
Arbitrary Web Script Injection Vulnerability in ownCloud 4.5.5, 4.0.10, and Earlier
Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 4.5.5 and Earlier
Arbitrary PHP Code Execution in ownCloud 4.5.x before 4.5.6
CSRF Vulnerability in Drupal RESTful Web Services Module
Arbitrary Code Execution via Unrestricted File Upload in Drupal Live CSS Module
CSRF Vulnerability in Mark Complete Module for Drupal
Unauthorized Boot-from-Volume Access in OpenStack Compute (Nova)
Unauthenticated Remote Code Execution and SQL Injection in Movable Type 4.2x-4.38
Arbitrary Command Execution in Smart Proxy Puppet Run API
Integer Signedness Error in archive_write_zip_data Function in libarchive
Cleartext Logging of Credentials in OpenStack Glance
Clickjacking Vulnerability in Samba Web Administration Tool (SWAT)
CSRF Vulnerability in Samba Web Administration Tool (SWAT) Allows Authentication Hijacking
Denial of Service and Information Disclosure Vulnerability in Xen's oxenstored
Denial of Service Vulnerability in Xen Netback Functionality
Memory Leak in Xen Netback Driver in Linux Kernel
World-readable permissions on auto-install XML file in JBoss EAP and EWP 5.2.0 and possibly 5.1.2 allow password disclosure
Symlink Attack Vulnerability in System Security Services Daemon (SSSD)
Denial of Service Vulnerability in SSSD Responder Functions
Stack-based Buffer Overflow in SUSE coreutils-i18n.patch for GNU coreutils
Stack-based Buffer Overflow in SUSE coreutils-i18n.patch for GNU coreutils
Stack-based Buffer Overflow in SUSE coreutils-i18n.patch for GNU coreutils
Arbitrary PHP Code Execution in Drupal Video Module 7.x-2.x
Arbitrary Script Injection in User Relationships Module for Drupal
Vulnerability in Keyboard Shortcut Utility module for Drupal allows unauthorized access to nodes
Arbitrary Script Injection in Search API Sorts Module for Drupal
Privilege Escalation Vulnerability in Linux Kernel on 32-bit Xen Paravirt_ops Platforms
Buffer Over-read Vulnerability in MiniUPnP MiniUPnPd
Arbitrary Code Execution Vulnerability in MiniUPnP MiniUPnPd 1.0
Denial of Service Vulnerability in Xen PCI Backend Driver
Arbitrary Command Execution in ZoneMinder Video Server
Improper Type Conversion Vulnerability in Devise Gem
Cross-site scripting (XSS) vulnerability in Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13
Server-Side Request Forgery (SSRF) Vulnerability in WordPress XMLRPC API
Cross-Site Scripting (XSS) Vulnerabilities in WordPress 3.5.1 and Earlier
Arbitrary Script Injection via Plupload.as in Moxiecode plupload
Denial of Service Vulnerability in IRCD-Hybrid's try_parse_v4_netmask Function
Authentication Bypass Vulnerability in Apache CXF
Insecure SSL Certificate Validation in Gnome Online Accounts (GOA)
Denial of Service Vulnerability in QXL Virtual GPU 0.1.0
Buffer Overflow Vulnerability in glibc's extend_buffers Function
Basic Constraints Attribute Vulnerability in haskell-tls-extra before 0.6.1: Exploiting TLS Connections for Man-in-the-Middle Attacks
Arbitrary Script Injection Vulnerability in Drupal 6.x and 7.x
Access Control Vulnerability in Drupal Book Module
Unrestricted Access to Derivative Images in Drupal 7.x
Denial of Service Vulnerability in OpenStack Keystone
Arbitrary File Overwrite Vulnerability in Apache Commons FileUpload
Stack-based Buffer Overflow in Curl_sasl_create_digest_md5_message Function
Improper Initialization of HMAC Key in Corosync 2.0 Allows Remote DoS
Stack-based Buffer Overflow in llogincircuit.cc in latd 1.25 through 1.30 and Earlier
Improper Detection of Invalid UTF-8 Sequences in Boost.Locale Library
Apache Maven 3.0.4 with Maven Wagon 2.1 SSL Certificate Spoofing Vulnerability
Weak Permissions in QSharedMemory Class: Local Information Disclosure and Data Modification
Remote Denial of Service and Memory Disclosure Vulnerability in PostgreSQL
Cross-Site Scripting (XSS) vulnerability in darkfish.js in RDoc
Unrestricted Access to User Email Images in Drupal's email2image Module
Bypassing Google Authenticator Login Vulnerability
Arbitrary Script Injection Vulnerability in Drupal Boxes Module
Unspecified Local Privilege Escalation Vulnerability in Drush Debian Packaging Module for Drupal
Arbitrary File Overwrite Vulnerability in PackStack
Symlink Path Traversal Vulnerability in Rack::File
Timing Attack Vulnerability in Rack::Session::Cookie
Server Certificate Validation Disabled in Cumin Code Refactoring
Arbitrary File Overwrite Vulnerability in xnbd-server and xNBD 0.1.0
World-readable permissions on cinder.conf and api-paste.ini configuration files in puppetlabs-cinder module allow local users to access OpenStack administrative passwords
Improper Data Validation in Apache VCL Web GUI and XMLRPC API
Bypassing Capability Restrictions in Linux Kernel's msr_open Function
Unsafe Object Creation Vulnerability in JSON Gem
Denial of Service Vulnerability in OpenStack Keystone Grizzly and Earlier Versions
File Overwrite Vulnerability in MXit Protocol Plugin in Pidgin
Buffer Overflow Vulnerability in MXit Protocol Plugin in Pidgin
Denial of Service Vulnerability in Pidgin's Sametime Protocol Plugin
Denial of Service Vulnerability in Pidgin's libpurple UPnP Response Handling
Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Ganglia Web before 3.5.6
Remote bypass of attr_protected protection mechanism in Ruby on Rails
Arbitrary Code Execution via Serialized Attributes in Ruby on Rails
Pacemaker 1.1.10 Denial of Service Vulnerability
OpenStack Keystone EC2-style Authentication Bypass Vulnerability
Cross-Site Scripting Vulnerability in Katello Notification Page
New Relic Ruby Agent Information Disclosure Vulnerability
Remote Code Execution and Denial of Service Vulnerability in nori gem for Ruby
Pinboard 1.0.6 WordPress Theme XSS Vulnerability
Bypassing Access Restrictions in SSSD Active Directory Provider
Stack-based Buffer Overflow in nss-pam-ldapd Allows for Denial of Service and Arbitrary Code Execution
SSL Server Spoofing Vulnerability in Isync 0.4 before 1.0.6
Denial of Service Vulnerability in Linux Kernel's __skb_recv_datagram Function
Path Disclosure Vulnerability in NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11
Privilege Escalation via Spoofed NameOwnerChanged Signals in dbus-glib
F2 Shell Drop Privilege Escalation Vulnerability in oVirt Node
Weak Random Number Generation in pyrad Packet.py
Race condition vulnerability in pigz before 2.2.5 allows local users to bypass access permissions during compression
Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 via site_name and site_url parameters in apps/external/ajax/setsites.php
Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 4.5.x before 4.5.7
Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7
Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ownCloud 4.5.x before 4.5.7
CSRF vulnerability in ownCloud allows remote attackers to change user timezone
Unspecified Information Disclosure Vulnerability in ownCloud Server before 4.0.12
Arbitrary PHP Code Execution Vulnerability in ownCloud before 4.0.12 and 4.5.x before 4.5.6
Arbitrary Calendar Reading Vulnerability in ownCloud Server
Unauthenticated Access to Django Object History Information
Denial of Service and Server Errors in Django Form Library
Arbitrary Web Script Injection in ownCloud Settings.php
Vulnerability: SSL Server Spoofing in GIT's imap-send Command
Denial of Service Vulnerability in Linux Kernel with Transparent Huge Pages
NULL pointer dereference vulnerability in cipso_v4_validate function in Linux kernel before 3.4.8
Privilege Escalation via Cross-Region Descriptors in Linux Kernel
Denial of Service Vulnerability in 389 Directory Server
NULL pointer dereference vulnerability in evm_update_evmxattr function in Linux kernel
Authentication Bypass Vulnerability in GateIn Portal Export/Import Gadget
XML Entity Expansion (XEE) Vulnerability in GateIn Portal Export/Import Gadget
Denial of Service Vulnerability in Drupal 7.x Image Module
Cross-site scripting (XSS) vulnerability in Drupal Organic Groups Manager Change module
Unrestricted Access Vulnerability in Banckle Chat Module for Drupal
Yandex.Metrics Module XSS Vulnerability
CSRF vulnerability in Taxonomy Manager module for Drupal
Arbitrary Script Injection in Ubercart Views Module for Drupal
Arbitrary Script Injection in Ubercart Views Module for Drupal
Arbitrary Script Injection in Display Suite Module for Drupal
Arbitrary Script Injection in Menu Reference Module for Drupal
Cross-Site Scripting (XSS) Vulnerabilities in Varnish Module for Drupal
World Readable Permissions in OpenStack Nova Base Images
CSRF Vulnerability in Jenkins Master Allows Authentication Hijacking
Arbitrary Web Script Injection Vulnerability in Jenkins
CSRF Bypass Vulnerability in Jenkins
Arbitrary Job Building Vulnerability in Jenkins
Denial of Service Vulnerability in Jenkins
ZoneMinder 1.24.x Multiple Directory Traversal Vulnerabilities
Remote Code Execution and SQL Injection Vulnerability in Ruby on Rails JSON to YAML Conversion
Gem Installation Vulnerability in Bundler before 1.7
Vulnerability: Unauthorized Access to Deleted VMs via VNC Token Reuse
Denial of Service Vulnerability in FreeIPA Directory Server
World-readable permissions on access.log and error.log files in default nginx configuration
Denial of Service Vulnerability in libxml2 2.9.0 and Earlier
XML External Entity (XXE) Vulnerability in libxml2 through 2.9.1
XML External Entity (XXE) Vulnerability in expat 2.1.0 and earlier
Predictable Sequential Packet IDs in pyrad CreateID Function
Denial of Service and Information Disclosure Vulnerability in Linux Kernel's IPv6 Temporary Address Generation
World-readable permissions in Varnish 3.0.3 log files allow local information disclosure
World-readable permissions in Apache Tomcat 7.x log directory allow unauthorized access to sensitive information
World-readable permissions for /var/log/webfsd.log in Gentoo init script for webfs allow unauthorized access and potential exploitation.
World-readable permissions for /var/log/thttpd.log in sthttpd and thttpd versions before 2.26.4-r2 allow local users to access sensitive information
Information Disclosure Vulnerability in Linux Kernel HIDP Module
Arbitrary File Overwrite Vulnerability in pktstat 1.8.5
Unspecified Remote Code Execution Vulnerability in Oracle Java SE
Unspecified Content Management Vulnerability in Oracle Enterprise Manager
Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control
Unspecified Integrity Vulnerability in Oracle Enterprise Manager Grid Control and EM DB Control
Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control and DB Control
Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products
Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products 8.52
Unspecified integrity vulnerability in Oracle Enterprise Manager Grid Control
Unspecified vulnerability in Oracle Enterprise Manager Grid Control APM component allows remote attackers to affect confidentiality, integrity, and availability
Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control APM Component
Unspecified vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3 and 11.1.0.0
Unspecified Confidentiality Vulnerability in Oracle Database Mobile/Lite Server
Unspecified Confidentiality Vulnerability in Oracle Database Mobile/Lite Server
Unspecified Confidentiality Vulnerability in Oracle Database Mobile/Lite Server
Unspecified Confidentiality Vulnerability in Oracle Siebel CRM
Unspecified Remote Vulnerability in Oracle Database Mobile/Lite Server
Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component
Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component
Unspecified vulnerability in PeopleSoft PeopleTools component allows remote authenticated users to compromise confidentiality and integrity via unknown vectors related to Query.
Unspecified Confidentiality Vulnerability in Oracle Agile PLM Framework
Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Component
Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control
Unspecified integrity vulnerability in Oracle Enterprise Manager Grid Control
Unspecified integrity vulnerability in Oracle Enterprise Manager Grid Control
Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Replication
Unspecified Remote Integrity Vulnerability in Oracle Applications Framework
Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite
Unspecified Remote Code Execution Vulnerability in Siebel CRM Component
Unspecified Remote Code Execution Vulnerability in Siebel CRM Component
Unspecified Remote Code Execution Vulnerability in Oracle Payroll Component
Unspecified vulnerability in Oracle CRM Technical Foundation component in Oracle E-Business Suite: Confidentiality and Integrity Impact
Unspecified vulnerability in Oracle Marketing component allows remote attackers to affect confidentiality and integrity
Unspecified Remote Server Locking Vulnerability in Oracle MySQL
Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component
Unspecified Local Vulnerability in Oracle MySQL Server Replication
Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Component
Unspecified vulnerability in PeopleSoft PeopleTools component allows remote authenticated users to compromise confidentiality and integrity
Unspecified Remote Integrity Vulnerability in PeopleSoft HRMS Component
Unspecified Remote Availability Vulnerability in Oracle MySQL Server Component
Unspecified Integrity Vulnerability in Oracle Applications Framework
Unspecified Security Vulnerability in Oracle PeopleSoft Products 8.52
Unspecified Integrity Vulnerability in Oracle PeopleSoft Products
Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4
Unspecified Confidentiality Vulnerability in PeopleSoft HRMS Component
Unspecified Integrity Vulnerability in Oracle PeopleSoft Products
Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control APM Component
Unspecified vulnerability in Oracle Applications Framework component in Oracle E-Business Suite: Confidentiality and Integrity Impact via Diagnostics
Unspecified Remote Execution Server Vulnerability in Oracle Solaris
Unspecified Local Vulnerability in Oracle Sun Solaris 9 and 10 Affecting Confidentiality, Integrity, and Availability via Utility/Umount
Unspecified Local Vulnerability in Oracle Sun Solaris 9 and 10 Affecting Confidentiality, Integrity, and Availability via Filesystem/Cachefs
Java Runtime Environment (JRE) Remote Code Execution Vulnerability
Java Runtime Environment (JRE) Heap-based Buffer Overflow Vulnerability
Unspecified vulnerability in Oracle Sun Solaris Utility allows local users to affect availability
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to compromise system security via unknown vectors related to Kernel/Boot.
Unspecified vulnerability in Oracle Sun Solaris: Remote Attack on Confidentiality and Integrity via NFS Client Mounts and IPv6
Unspecified Remote Integrity Vulnerability in Oracle Sun Solaris 10
Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11
Unspecified vulnerability in Oracle Sun Solaris 10 CPU Performance Counters Drivers
Unspecified JMX-related vulnerability in Oracle Java SE 5.0, 6, and 7
Confidentiality vulnerability in Agile EDM component in Oracle Supply Chain Products Suite
RBAC Configuration Vulnerability in Oracle Sun Solaris 8, 9, and 10
Unspecified Local Vulnerability in Oracle Sun Solaris Utility/pax
Unspecified Local Vulnerability in Oracle Sun Solaris 10 and 11 Affecting Confidentiality, Integrity, and Availability via Remote Execution Service
Unspecified vulnerability in Oracle Sun Solaris 11 related to Utility/ksh93 allows local users to affect integrity and availability
Unspecified Local Vulnerability in Oracle Sun Solaris 10 Bind/Postinstall Script
Unspecified Confidentiality Vulnerability in Siebel Enterprise Application Integration Component
Unspecified Remote Confidentiality Vulnerability in Sun Storage Common Array Manager (CAM) Component
Unspecified Heap-Based Buffer Overflow Vulnerability in Oracle Outside In Technology
Unspecified Remote Code Execution Vulnerability in Oracle Java SE
Unspecified vulnerability in VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2
Multiple Vulnerabilities in Oracle Java 7 before Update 11: Remote Code Execution
Unspecified Remote Code Execution Vulnerability in Oracle Java SE
Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE)
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to bypass Java sandbox restrictions
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect integrity via unknown vectors related to Libraries
Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE and OpenJDK
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox restrictions.
Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to affect confidentiality, integrity, and availability during client installation process
Unspecified User-Assisted Remote Bypass of Java Security Sandbox in JRE Component
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality and integrity via AWT vectors
Unspecified Networking Vulnerability in Java Runtime Environment (JRE)
Unspecified vulnerability in Java Runtime Environment (JRE) component affecting confidentiality via JAXP vectors
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality via JAX-WS vectors
Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier
Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX
Unspecified Remote Confidentiality Vulnerability in Oracle Java SE
Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier
Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE and OpenJDK
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attacks via AWT
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality and integrity via JSSE vectors
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to compromise confidentiality, integrity, and availability via unknown vectors related to Beans
Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability
Unspecified Remote Code Execution Vulnerability in Oracle Java SE
Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier
Unspecified Remote Integrity Vulnerability in Oracle Java SE 7 through Update 11
Unspecified vulnerability in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via JMX vectors.
Arbitrary SQL Command Execution Vulnerability in IBM Maximo Asset Management
CSRF Vulnerability in IBM Tivoli Endpoint Manager 8.2
Arbitrary Script Injection in IBM Tivoli Endpoint Manager Web Reports
Samba SMB2 Implementation CIFS Share Attribute Enforcement Vulnerability
Arbitrary Web Script Injection Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway
Session Hijacking Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management 7.5
Arbitrary Script Injection in IBM WebSphere Application Server Administrative Console
Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server Administrative Console
CSRF Vulnerability in IBM WebSphere Application Server Administrative Console
Arbitrary Script Injection Vulnerability in IBM WebSphere Application Server Administrative Console
Unspecified Vulnerability in IBM WebSphere Application Server (WAS) with Unknown Impact and Attack Vectors
Unspecified Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Cross-Site Scripting (XSS) Vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2 in IBM SPSS Data Collection
Unspecified LDAP Authentication Vulnerability in IBM WebSphere Cast Iron Appliance
Arbitrary Web Script Injection in IBM WebSphere Message Broker
Remote Code Disclosure in IBM Eclipse Help System (IEHS)
Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Directory Listing Vulnerability in IBM Netezza Performance Portal 1.0.2
Denial of Service Vulnerability in IBM Tivoli Storage Manager (TSM) Client
Unspecified Man-in-the-Middle Vulnerability in IBM Tivoli Storage Manager (TSM) Web GUI
Cross-Site Scripting (XSS) Vulnerabilities in IBM Security AppScan Enterprise and IBM Rational Policy Tester
Credential Exposure in IBM Security AppScan Enterprise and IBM Rational Policy Tester
Unspecified Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Arbitrary FTP Command Injection Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Cross-Site Scripting (XSS) Vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition and Server for Product Information Management
Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Master Data Management
File Type and Extension Bypass Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Remote Stack Trace Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway
Signature Spoofing Vulnerability in IBM WebSphere Application Server and WebSphere Message Broker
Cleartext Credential Vulnerability in SOAP Gateway in IBM IMS Enterprise Suite
Denial of Service Vulnerability in IBM Cognos TM1 10.1.x
Unspecified Vulnerability in IBM Java SDK with Unknown Impact and Attack Vectors in Class Libraries
IBM Domino 8.5.x HTTP Server Memory Leak Vulnerability
Hijacking of Temporary Credentials in IBM Domino 8.5.x Java Console (SPR KLYH8TNNDN)
Arbitrary Web Script Injection in IBM Domino Web Administrator Client
CSRF Vulnerability in IBM Domino Web Administrator Client Allows Authentication Hijacking
Privilege Escalation Vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS
Arbitrary Web Script Injection in IBM Informix Open Admin Tool (OAT) 2.x and 3.x
Denial of Service Vulnerability in IBM Sterling B2B Integrator 5.0 and 5.1
IBM WebSphere DataPower SOA Appliances XSS Vulnerability
Vulnerability in IBM Storwize V7000 Unified Allows Remote Authenticated Users to Obtain Sensitive Information and Cause Denial of Service
Arbitrary File Read and Remote Code Execution Vulnerability in EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX Control
Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Information Server
Arbitrary Script Injection in IBM Lotus Connections Bookmarks Component
Buffer Overflow Vulnerability in Adobe Flash Player
XPath Injection Vulnerability in IBM Sterling Order Management
Arbitrary Web Script Injection in IBM Sterling Order Management
Session Fixation Vulnerability in IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1
Buffer Overflow Vulnerabilities in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM)
Buffer Overflow in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14
Session Cookie Hijacking Vulnerability in IBM Security AppScan Enterprise
SQL Injection Vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x
Stack-based Buffer Overflow in Manual Explore Browser Plug-in for Firefox in IBM Security AppScan Enterprise and IBM Rational Policy Tester
Unquoted Service Path Enumeration Vulnerability in IBM Security AppScan Enterprise and IBM Rational Policy Tester
IBM Sterling External Authentication Server Command Execution Vulnerability
Clickjacking vulnerability in IBM Sterling Secure Proxy versions 3.2.0 - 3.4.1.7
Information Disclosure in IBM Sterling Secure Proxy
Sensitive Java Stack-Trace Information Disclosure in IBM Sterling Secure Proxy
Password Exposure
in IBM Notes Client Single Logon Feature Insecure Encryption Algorithm in IBM WebSphere Commerce Allows for Padding Oracle Attack IBM iNotes 8.5.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in Shared Mail File (SPR DKEN8PDNTX) Arbitrary Command Execution in IBM Avocent 1754 KVM Switch via ping.php in GCM16 and GCM32 Unattended Workstation Screen Reading Vulnerability in IBM Sterling Connect:Direct Insecure Session Cookie Transmission in IBM Sterling Connect:Direct Weak SSL Cipher Suites Vulnerability CSRF Vulnerability in IBM Security AppScan Enterprise and IBM Rational Policy Tester Arbitrary Web Script Injection in IBM Sametime Links Server Cleartext Password Persistence Vulnerability in IBM Sametime Connect Client Cross-Site Scripting (XSS) Vulnerabilities in IBM Sametime Classic Meeting Server Privilege Escalation Vulnerability in IBM Notes Multi User Profile Cleanup Service Spoofing of Shared Links in IBM Lotus Sametime 8.5.2 and 8.5.2.1 IBM Lotus Notes 8.x and 9.0 XSS Vulnerability Short Session ID Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Authentication Cookie Validation Bypass in IBM WebSphere Application Server (WAS) Liberty Profile 8.5 Buffer Overflow Vulnerability in IBM WebSphere Application Server (WAS) Allows Local Users to Cause Denial of Service Arbitrary Script Injection in IBM WebSphere Application Server Administrative Console User Account Validation Bypass in IBM WebSphere Application Server Directory Traversal Vulnerability in IBM WebSphere Application Server Administrative Console Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Tivoli Monitoring and IBM Application Manager for Smart Business Arbitrary Script Injection in IBM WebSphere Portal's Web Content Viewer Portlet Denial of Service Vulnerability in IBM Tivoli Monitoring Remote Command Execution Vulnerability in IBM Sametime Client Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified 
Remote Access Vulnerability in IBM API Management 2.0 before 2.0.0.1 SQL Injection Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway Arbitrary Script Injection Vulnerability in IBM WebSphere Application Server (WAS) 8.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM WebSphere Commerce Tools Unspecified Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Connections 4.5 Communities Component FCoE Feature in IBM System Networking and BNT Switches Allows Eavesdropping on Broadcast Domain Arbitrary Web Script Injection Vulnerability in IBM Document Connect for Application Support Facility Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (DC4ASF) allows remote authenticated users to inject content and conduct phishing attacks Arbitrary Web Script Injection Vulnerability in IBM Tivoli Monitoring Remote Code Execution Vulnerability in Optim E-Business Console Unauthenticated Access to Sensitive Database Information in IBM Sterling Order Management APIs Remote User Impersonation Vulnerability in Optim E-Business Console CSRF Vulnerability in IBM Data Growth Solution for Oracle E-business Suite Allows User Hijacking Cross-Site Scripting (XSS) Vulnerabilities in IBM Business Process Manager (BPM) Versions 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 SAML 2.0 Response Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) Information Disclosure Vulnerability in IBM InfoSphere Replication Server Cross-Site Scripting (XSS) Vulnerabilities in IBM InfoSphere Information Server IBM Cognos Business Intelligence (BI) Server Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerabilities 
in IBM WebSphere Portal Remote Image Filtering Bypass in IBM iNotes Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 Arbitrary Web Script Injection Vulnerability in IBM iNotes Unspecified Remote Code Execution Vulnerability in IBM SPSS SamplePower 3.0 Open Redirect Vulnerability in IBM iNotes Multiple Cross-Site Scripting (XSS) Vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 (SPR PTHN95XNR3) Arbitrary Script Injection in IBM WebSphere Application Server Administrative Console Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server (WAS) IBM Rational ClearQuest Cross-Site Request Forgery (CSRF) Vulnerability Information Disclosure Vulnerability in IBM Eclipse Help System (IEHS) Authentication Bypass Vulnerability on IBM WebSphere DataPower XC10 Appliance Devices Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Adobe Reader and Acrobat Use-After-Free Arbitrary Code Execution Vulnerability Heap-based Buffer Overflow in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Heap-based Buffer Overflow in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Stack-based Buffer Overflow in Adobe Reader and Acrobat Versions 9.x, 10.x, and 11.x Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat 
Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Access Restriction Bypass Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Access Restriction Bypass Vulnerability in Adobe Reader and Acrobat Unauthenticated Remote Code Execution in Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 Stack-based Buffer Overflow in Adobe Reader and Acrobat Versions 9.x, 10.x, and 11.x Unspecified privilege escalation vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Unauthenticated Access to Restricted Directories in Adobe ColdFusion (CVE-2013-0629) Arbitrary Code Execution Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Information Disclosure Vulnerability in Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 Authentication Bypass and Remote Code Execution in Adobe ColdFusion RDS Component Remote Code Execution Vulnerability in Adobe Flash Player (CVE-2013-0634) Remote Code Execution Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution Vulnerability in Adobe Shockwave Player Information Disclosure Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution via Integer Overflow in Adobe Flash Player and Adobe AIR Adobe Reader and Acrobat Remote Code Execution Vulnerability Adobe Reader and 
Acrobat Buffer Overflow Vulnerability Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Privilege Escalation in Firefox Sandbox in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Arbitrary Code Execution via Integer Overflow in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Unspecified Arbitrary Code Execution Vulnerability in Adobe Flash Player Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Sensitive Information Exposure in GE Intelligent Platforms Proficy Real-Time Information Portal Unrestricted Access to Java Class Methods in GE Intelligent Platforms Proficy Real-Time Information Portal Arbitrary File Read Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY Remote Code Execution and Denial of Service Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY Schneider Electric Software Update Utility: Man-in-the-Middle Attack Vulnerability Remote Code Execution Vulnerability in Siemens SIMATIC RF-MANAGER 2008 and RF-MANAGER Basic 3.0 Schneider Electric IGSS Stack-Based Buffer Overflow Vulnerability Remote Code Execution Vulnerability in Schneider Electric Accutech Manager 2.00.1 and Earlier Remote Code Execution Vulnerability in Siemens CP 1604 and CP 1616 Interface Cards Remote Code Execution Vulnerability in Schneider Electric Modbus Serial Driver CSRF Vulnerability in Schneider Electric PLC Modules Allows Remote Authentication Hijacking Remote Code Execution via FactoryCast Service on Schneider Electric PLC Modules Weak Permissions in SEL AcSELerator QuickSet Program Files Directory Denial of Service Vulnerability in 
MatrikonOPC Security Gateway 1.0 Siemens WinCC (TIA Portal) 11 HMI Web Application Cross-Site Scripting (XSS) Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Siemens WinCC (TIA Portal) 11 HMI Web Application Denial of Service Vulnerability in Siemens WinCC (TIA Portal) 11 HMI Web Application CRLF Injection Vulnerability in Siemens WinCC (TIA Portal) 11 HMI Web Application Siemens WinCC (TIA Portal) 11 Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in Siemens WinCC (TIA Portal) 11 Directory Traversal Vulnerability in MatrikonOPC A&E Historian 1.0.0.0 Web Interface Buffer Overflow in Siemens WinCC ActiveX Control Allows Remote Code Execution Buffer Overflow Vulnerability in Siemens WinCC CCEServer Privilege Assignment Vulnerability in Siemens WinCC Siemens WinCC Web Server Information Disclosure and Denial of Service Vulnerability Improper Representation of WebNavigator Credentials in Siemens WinCC Directory Traversal Vulnerability in Siemens WinCC Web Server Stack-based Buffer Overflow in Cogent DataHub Web Server Denial of Service Vulnerability in Cogent DataHub and OPC DataHub Out-of-Bounds Memory Access Vulnerability in Cogent Real-Time Systems DataHub Remote Denial of Service Vulnerability in Cogent DataHub and DataHub QuickTrend Remote SQL Injection Vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal Unrestricted Size and Amount Values Vulnerability in Invensys Wonderware Information Server (WIS) XML External Entity (XXE) Vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal World-writable permissions in Schneider Electric MiCOM S1 Studio installer routine allows privilege escalation and malicious file execution Arbitrary Web Script Injection Vulnerability in Invensys Wonderware Information Server (WIS) Arbitrary Code Execution Vulnerability in Emerson Process Management ROC800, DL8000, and ROC800L RTUs Remote 
Code Execution Vulnerability in ENEA OSE on Emerson Process Management ROC800 RTU and DL8000 RTU Network Beacon Broadcast Vulnerability in ENEA OSE on Emerson Process Management ROC800 RTU Hardcoded Credentials Vulnerability in Emerson Process Management ROC800, DL8000, and ROC800L RTUs Denial of Service Vulnerability in Galil RIO-47100 Pocket PLC Denial of Service Vulnerability in Siemens SIMATIC S7-1200 PLCs via Crafted Packets SQL Injection Vulnerability in Cybozu Garoon 2.5.0 through 3.5.3: Remote Authenticated User Arbitrary SQL Command Execution Arbitrary Web Script Injection Vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 Arbitrary Web Script Injection Vulnerability in imgboard.com imgboard Directory Traversal Vulnerability in GREE Application for Android (Versions before 1.3.3) Allows Information Disclosure LSI 3ware Disk Manager (3DM) Directory Traversal Vulnerability Lack of Access Control in NEC Universal RAID Utility Arbitrary Code Execution Vulnerability in JustSystems Ichitaro and Hanako Software Arbitrary Web Script Injection via HTTP Referer Header in dopvCOMET* 0009b XSS Vulnerability in dopvSTAR* 0091 Allows Remote Code Injection via HTTP Referer Header Buffer Overflow Vulnerability in Kingsoft Writer 2007 and 2010 Allows Remote Code Execution via Crafted RTF Document Denial of Service Vulnerability in IPSSH Server in Wind River VxWorks 6.5-6.9 Denial of Service Vulnerability in IPSSH Server in Wind River VxWorks 6.5-6.9 Denial of Service Vulnerability in IPSSH Server in Wind River VxWorks 6.5-6.9 Vulnerability in IPSSH Server in Wind River VxWorks 6.5-6.9: Remote Code Execution and Denial of Service Denial of Service Vulnerability in Wind River VxWorks WebCLI Component Denial of Service Vulnerability in Wind River VxWorks Web Server CSRF Vulnerabilities in NEC Aterm Routers Allow Remote Authentication Hijacking Weak Permissions in Simeji Android App Allow Unauthorized Access to Sensitive Information Weak Permissions in ArtIME Japanese Input 
Application for Android Allows Unauthorized Access to Sensitive Information Weak Permissions in COBIME Application for Android Allows Unauthorized Access to Sensitive Information Information Disclosure Vulnerability in WP PHP Widget Plugin 1.0.2 Ettercap 0.7.5.1 and Earlier Stack-Based Buffer Overflow Vulnerability Heap-based Buffer Overflows in Kingsoft Spreadsheets 2012 8.1.0.3030 Arbitrary PHP Code Execution via Remote File Inclusion in WP ecommerce Shop Styling Plugin Arbitrary Code Execution Vulnerabilities in ERDAS ER Viewer 13.0 Stack-based Buffer Overflow in ER Viewer Allows Remote Code Execution Untrusted Search Path Vulnerabilities in Global Mapper 14.1.0 Stack-based Buffer Overflow in ERDAS APOLLO ECWP Plugin Heap-based Buffer Overflow in PDF-XChange: Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Newscoop 4.x through 4.1.0 Unrestricted Access and Cross-Site Scripting (XSS) Vulnerability in MailUp Plugin for WordPress Remote Code Execution Vulnerability in Nuance PDF Reader 8.1 Untrusted Search Path Vulnerability in Corel PaintShop Pro X5 and X6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mingle Forum Plugin for WordPress SQL Injection Vulnerabilities in Mingle Forum Plugin for WordPress CSRF Vulnerabilities in Mingle Forum Plugin for WordPress Arbitrary Web Script Injection Vulnerability in BoltWire 3.5 and Earlier Chamilo 1.9.4 Multiple XSS and HTML Injection Vulnerabilities in blog.php and announcements.php XSS Vulnerability in Chamilo 1.9.4's chat.php Script Arbitrary URL Redirect Vulnerability in Dell OpenManage Server Administrator (OMSA) Arbitrary Script Injection in Percipient Studios ImageGen for Umbraco CMS Corel PDF Fusion 1.11 Stack-Based Buffer Overflow Vulnerability TableBackgroundPainter::TableBackgroundData::Destroy Use-After-Free Vulnerability Arbitrary Code Execution via Garbage Collection Interaction in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution and Denial of 
Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Clickjacking Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey ASLR Bypass Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Integer Overflow Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox and SeaMonkey on Android and SeaMonkey Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution Use-after-free vulnerability in ListenerManager implementation in Mozilla Firefox and Thunderbird MozVibrate Use-After-Free Vulnerability Use-after-free vulnerability in obj_toSource function in Mozilla Firefox and Thunderbird before 18.0 allows remote code execution Prototype Pollution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary JavaScript Code Execution with Chrome Privileges in Mozilla Firefox, Thunderbird, and SeaMonkey Address bar spoofing vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Buffer Overflow in CharDistributionAnalysis::HandleOneChar Function in Mozilla Firefox, Thunderbird, and SeaMonkey Mozilla Firefox Use-After-Free Vulnerability in TrackUnionStream::EndTrack Implementation Use-after-free vulnerability in imgRequest::OnStopFrame function in Mozilla Firefox and Thunderbird before 18.0 allows remote attackers to execute arbitrary code or cause a denial of service. 
Mesa Drivers Use-After-Free Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Thread Safety Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Multiple Wrapping of WebIDL Objects Vulnerability Use-after-free vulnerability in ~nsHTMLEditRules implementation in Mozilla Firefox and Thunderbird before 18.0, Firefox ESR and Thunderbird ESR before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 Arbitrary Code Execution and Denial of Service Vulnerability in nsSVGPathElement::GetPathLengthScale Function Stack-based buffer overflow in Mozilla Firefox and Thunderbird allows remote code execution via invalid width and height values in an HTML document Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Heap-based buffer overflow in gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15: Remote code execution vulnerability. Out-of-bounds Read and Application Crash Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Prototype Modification Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript Worker Directory Name Disclosure Vulnerability Use-after-free vulnerability in nsImageLoadingContent::OnStopContainer function in Mozilla Firefox and Thunderbird before 19.0 allows remote code execution. 
Address Bar Spoofing Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution and Denial of Service Vulnerability in ClusterIterator::NextCluster Function Arbitrary Code Execution and Denial of Service Vulnerability in nsCodingStateMachine::NextState Function Use-after-free vulnerability in nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 Use-after-free vulnerability in nsPrintEngine::CommonPrint function in Mozilla Firefox, Thunderbird, and SeaMonkey Heap-based buffer overflow in nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Bugzilla XSS Vulnerability in show_bug.cgi Information Disclosure Vulnerability in Bugzilla::Search::build_subselect Function Use-after-free vulnerability in nsEditor::IsPreformatted function in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Unspecified Remote Code Execution Vulnerability in Mozilla Firefox for Android Denial of Service Vulnerability in Mozilla Network Security Services (NSS) Memory Corruption Vulnerability in Mozilla Firefox and SeaMonkey Address Bar Spoofing Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Origin Spoofing Vulnerability in Mozilla Firefox and SeaMonkey Vulnerability: Same Origin Policy Bypass via 
cloneNode Method in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Code Execution and Denial of Service Vulnerability in WebGL Subsystem Untrusted Search Path Vulnerability in Mozilla Updater World-writable and world-readable permissions in Mozilla Firefox for Android allow modification of add-ons during installation Privilege Escalation via Buffer Overflow in Mozilla Maintenance Service Integer Signedness Error in pixman_fill_sse2 Function in Pixman Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Arbitrary Code Execution Vulnerability in PolarBear CMS 2.5 via upload.php Arbitrary Code Execution and Denial of Service Vulnerability in Novell GroupWise 8.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in iTop Search Feature Arbitrary Script Injection in gpEasy CMS 3.5.2 and Earlier Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Windows Theme File Remote Code Execution Vulnerability Internet Explorer Use-After-Free Vulnerability Denial of Service Vulnerability in Google Chrome PDF Functionality Database Metadata Bypass Vulnerability in Google Chrome Unspecified Data Structure Termination Vulnerability in Google Chrome Directory Traversal Vulnerability in Google Chrome Extension Process Google Chrome Use-After-Free Vulnerability in Printing Denial of Service Vulnerability in Google Chrome Printing Feature Denial of Service Vulnerability in Google Chrome 24.0.1312.52 Unspecified Denial of Service Vulnerability in Google Chrome Geolocation Implementation Denial of Service Vulnerability in Google V8 Denial of Service Vulnerability in Google Chrome Extension Tabs Handling Weak Permissions for Shared Memory Segments in Google Chrome on Linux Font-related Use-after-free vulnerability in Google Chrome before 24.0.1312.56 Unvalidated URL Opening Vulnerability in Google Chrome Array Index Error in Content-Blocking Functionality in Google Chrome Improper Handling of %00 Characters in Pathnames 
in Google Chrome Improper Buffer Size in WebRTC Audio Renderer in Google Chrome Out-of-bounds array access vulnerability in FFmpeg's adpcm_decode_frame function Out-of-Bounds Write Vulnerability in libavcodec/alsdec.c in FFmpeg Out-of-Bounds Array Access Vulnerability in FFmpeg's qdm2_decode_super_block Function Out-of-Bounds Array Access in FFmpeg's ID3v2 Parsing Function Out-of-Bounds Array Access in FFmpeg's Huffyuv Decoder Unspecified Impact Vulnerability in roq_decode_init Function in FFmpeg Out-of-Bounds Array Access in FFmpeg's decode_slice_header Function Out-of-Bounds Array Access Vulnerability in FFmpeg's decode_frame Function Out-of-bounds array access vulnerability in FFmpeg's parse_picture_segment function in libavcodec/pgssubdec.c Out-of-bounds array access vulnerability in wavpack_decode_frame function in FFmpeg Unspecified Impact Vulnerability in FFmpeg's mjpeg_decode_scan_progressive_ac Function Integer Overflow in alac_decode_close Function in FFmpeg Unspecified Impact Vulnerability in FFmpeg's ALAC Decoder Unspecified Impact Vulnerability in FFmpeg's decode_frame_ilbm Function Unspecified Impact Vulnerability in FFmpeg's atrac3_decode_init Function Out-of-Bounds Array Access in add_doubles_metadata function in FFmpeg NULL pointer dereference vulnerability in FFmpeg's ff_er_frame_end function Memory Corruption Vulnerability in avcodec_decode_audio4 Function Integer overflows in libavcodec/sanm.c in FFmpeg before 1.1.2 leading to out-of-bounds array access in LucasArts Smush video data processing Buffer Overflow in rle_decode function in FFmpeg Out-of-bounds array access in gif_copy_img_rect function in FFmpeg Out-of-bounds write vulnerability in vqa_decode_chunk function in FFmpeg Out-of-bounds Array Access in aac_decode_init Function in FFmpeg Out-of-bounds array access vulnerability in FFmpeg's decode_slice_header function in libavcodec/h264.c Unspecified Impact Vulnerability in FFmpeg's Huffyuv Decoder Unspecified Impact Vulnerability in 
FFmpeg's field_end Function Thread Check Bypass Vulnerability in FFmpeg 1.1.4 Race condition vulnerability in Linux kernel's ptrace functionality before version 3.7.5 allows local privilege escalation via a crafted application's PTRACE_SETREGS ptrace system call. Out-of-bounds array access vulnerability in swr_init function in FFmpeg Invalid Channel Count Vulnerability in FFmpeg's read_header Function Out-of-bounds Array Access Vulnerability in FFmpeg TIFF Image Handling Out-of-bounds array access vulnerability in FFmpeg's PNG decoder Integer overflows in old_codec37 and old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3: Remote Code Execution Vulnerability Out-of-bounds array access vulnerability in FFmpeg's old_codec37 function in libavcodec/sanm.c Out-of-Bounds Array Access Vulnerability in FFmpeg's Targa Image Processing Denial of Service and Memory Corruption Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in Databases Denial of Service Vulnerability in Google Chrome via Crafted Matroska Container Format Data Denial of Service Vulnerability in Google Chrome via SVG Parameters Denial of Service Vulnerability in Skia Library Unspecified Impact and Attack Vectors in Native Client Loading in Google Chrome Privilege Escalation Vulnerability in Google Chrome Web Store Interaction Signal Handling Vulnerability in Google Chrome for Mac OS X Privilege Escalation in Google Chrome Developer Tools Denial of Service Vulnerability in Skia's User Gesture Check for Dangerous File Downloads Arbitrary Code Execution via File Download in Google Chrome Unspecified IPC Layer Vulnerabilities in Google Chrome Integer Overflow Vulnerability in Google Chrome Unspecified IPC Layer Vulnerabilities in Google Chrome Race condition vulnerability in Google Chrome before 25.0.1364.97/99 allows remote attackers to cause denial of service or other impact via media-related vectors. 
Buffer Overflow Vulnerability in Vorbis Decoder in FFmpeg Arbitrary Program Execution Vulnerability in Google Chrome Memory Management Vulnerability in Google Chrome Plug-in Message Handling PDF Denial of Service Vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or unspecified impact via URL vectors Integer Overflow in Opus Padding Implementation Race condition vulnerability in ICU functionality in Google Chrome Use-after-free vulnerability in Google Chrome frame-loader implementation Google Chrome Use-After-Free Vulnerability in Browser Navigation Handling Denial of Service and Memory Corruption Vulnerability in Google Chrome's Web Audio Implementation Google Chrome Use-After-Free Vulnerability in SVG Animation Denial of Service and Memory Corruption Vulnerability in Google Chrome IndexedDB Implementation Race condition vulnerability in Google Chrome before 25.0.1364.152 allows for denial of service and potential impact via media thread handling. 
Unspecified Impact and Attack Vectors in Google Chrome Extension Process Binding Management Sensitive HTTP Referer Information Disclosure in Google Chrome XSS Auditor Improper Authorization Management in Google Chrome Directory Traversal Vulnerability in Google Chrome Allows Remote Attackers to Impact Databases Arbitrary Code Execution Vulnerability in WebKit Integer Overflow in i915_gem_execbuffer.c in Linux Kernel Bypassing ASLR Protection via Crafted Sigaction System Call Denial of Service Vulnerability in Google Chrome OS GPU Process Web Audio Use-After-Free Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome URL Loader Unrestricted Navigation to Developer Tools in Google Chrome Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or other impact via pop-up window Use-after-free vulnerability in Google Chrome extension bookmarks API Bypassing Access Restrictions in Google Chrome's Isolated Sites Feature Brute-Force Access Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome USB Apps API Insecure Permissions API Usage in Google Chrome Extension Functionality Unrestricted URL Access Vulnerability in Google Chrome Extension API Unspecified Impact Vulnerability in Google Chrome Pango Configuration File Access Restriction Bypass Vulnerability Arbitrary Command Execution Vulnerability in EMC AlphaStor 4.0 Device Manager Remote Code Execution Vulnerability in EMC AlphaStor 4.0 Device Manager Remote Code Execution Vulnerability in EMC AlphaStor 4.0 Drive Control Program (DCP) Bypassing Passcode Requirement in EMC RSA Authentication Agent 7.1.x on Windows Arbitrary File Upload Vulnerability in EMC RSA Archer Archer Smart Suite Framework Multiple Cross-Site Scripting (XSS) Vulnerabilities Bypassing Access Restrictions and Modifying Global Reports in EMC RSA Archer Unauthenticated Remote Code Execution in EMC Smarts Network Configuration Manager (NCM) Arbitrary Web Script 
Injection Vulnerability in EMC Smarts Managers Session Fixation Vulnerability in EMC Documentum Webtop, WDK, Taskspace, and Records Manager before 6.7 SP2 Arbitrary Web Script Injection Vulnerability in EMC Documentum Web Applications Cross Frame Scripting Vulnerability in EMC Documentum Webtop, WDK, Taskspace, and Records Manager before 6.7 SP2 Weak Permissions Vulnerability in EMC NetWorker Client Improper Encryption Algorithm and Weak Key Vulnerability in RSA Authentication API and Agents Arbitrary Web Script Injection Vulnerability in EMC RSA Authentication Agent 7.1 Information Disclosure Vulnerability in EMC NetWorker 7.6.x and 8.x Arbitrary File Read Vulnerability in EMC Avamar Server SSL Server Spoofing Vulnerability in EMC Avamar Client Remote Code Execution Vulnerability in EMC AlphaStor 4.0 LCP RSA Authentication Manager 8.0 Local Information Disclosure Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Bypassing Passcode Limits and Erase Data Setting in Apple iOS before 7 Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Safari WebKit Arbitrary Code Execution and Memory Corruption Vulnerability in Apple Safari WebKit (CVE-2013-0961) User-assisted remote cross-site scripting (XSS) vulnerability in WebKit 
in Apple iOS before 6.1 Authentication Bypass Vulnerability in Apple iOS Identity Services Kernel Memory Page Access Vulnerability in Apple iOS and Apple TV Directory Authentication Bypass Vulnerability in Apple mod_hfs_apple Module Bypassing Java Plug-In Disabled Setting via Crafted Web Site in Apple Mac OS X Arbitrary Code Execution and Denial of Service Vulnerability in WebKit VoiceOver Bypass Vulnerability in Apple Mac OS X Login Window Bypassing FaceTime Call-Confirmation Prompt in Apple Mac OS X PDFKit Use-After-Free Vulnerability in Apple Mac OS X Man-in-the-Middle Attack Exploiting Plugin Loading in Apple Mac OS X Software Update JavaScript Execution Vulnerability in StoreKit on Apple iOS Buffer Overflow in QuickDraw Manager in Apple Mac OS X Memory Corruption Vulnerability in IOAcceleratorFamily in Apple Mac OS X Code-Signing Bypass Vulnerability in Apple iOS and Apple TV ARM Prefetch Abort Handler Bypass Vulnerability Arbitrary File Permission Change Vulnerability in Apple iOS Lockdownd Passcode Bypass Vulnerability in Apple iOS Emergency-Call Feature Privilege Escalation via IOUSBDeviceFamily Driver in Apple iOS and Apple TV Cookie-based Authentication Bypass Vulnerability in Apple Mac OS X Safari Stack Consumption Vulnerability in CoreAnimation in Apple Mac OS X Arbitrary Code Execution and Denial of Service Vulnerability in Apple Mac OS X Directory Service FileVault Authentication Bypass Vulnerability in Apple Mac OS X Buffer Overflow Vulnerability in Apple QuickTime Arbitrary Code Execution and Memory Corruption Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime 7.7.4 and Earlier Versions Buffer Overflow Vulnerability in Apple QuickTime 7.7.4 and Earlier Versions Unspecified Remote File Modification Vulnerability in Apple Mac OS X Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service 
Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Certification Validation Vulnerability in HTC One/Sense 4.x Mail Client Critical Vulnerability in Telecommunication Software SAMwin Contact Center Suite 5.1 Allows Authentication with Hard-coded Credentials Critical SQL Injection Vulnerability in Telecommunication Software SAMwin Contact Center Suite 5.1 Critical Vulnerability in Telecommunication Software SAMwin Contact Center Suite 5.1: Predictable Authentication Possibilities in Password Handler Infinite Loop Vulnerability in RemoteAddr and LocalAddr Methods of net.Conn Timing Discrepancy Vulnerability in Ziftr Primecoin up to 0.8.4rc1 Information Disclosure Vulnerability in ethitter WP-Print-Friendly up to 0.5.2 Critical SQL Injection Vulnerability in sheilazpy eShop (VDB-217572) Critical SQL Injection Vulnerability in DrAzraelTod pyChao's mod_fun/__init__.py (VDB-217634) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Cross-Site Scripting (XSS) Vulnerability in zerochplus Critical SQL Injection Vulnerability in aeharding Classroom-Engagement-System (VDB-218156) Critical SQL Injection Vulnerability in antonbolling clan7ups Critical SQL Injection Vulnerability in Bricco Authenticator Plugin (VDB-218428) Critical SQL Injection Vulnerability in oktora24 2moons (VDB-218898) Critical SQL Injection Vulnerability in fanzila WebFinance 0.5 Critical SQL Injection Vulnerability in fanzila WebFinance 0.5 (CVE-2021-220055) Critical SQL Injection Vulnerability in fanzila WebFinance 0.5 
(VDB-220056) Critical SQL Injection Vulnerability in fanzila WebFinance 0.5 (VDB-220057) Critical SQL Injection Vulnerability in OCLC-Research OAICat 1.5.61 (VDB-221489) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Cross-Site Scripting (XSS) Vulnerability in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress Cross-Site Scripting (XSS) Vulnerability in dd32 Debug Bar Plugin up to 0.8 on WordPress Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Contact Form Plugin 3.51 on WordPress Critical SQL Injection Vulnerability in Editorial Calendar Plugin up to 2.6 on WordPress Exit Strategy Plugin 1.55 on WordPress Information Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in Exit Strategy Plugin 1.55 on WordPress Cross-Site Scripting (XSS) Vulnerability in Mail Subscribe List Plugin up to 2.0.10 on WordPress Cross-Site Request Forgery Vulnerability in Blogger Importer Plugin up to 0.5 on WordPress Cross-Site Scripting (XSS) Vulnerability in EELV Newsletter Plugin 2.x on WordPress Cross-Site Request Forgery Vulnerability in Exit Box Lite Plugin up to 1.06 on WordPress Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Information Disclosure Vulnerability in Exit Box Lite Plugin up to 1.06 on WordPress Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Script Injection via IFRAME Elements in Apple Safari (WebKit XSS Vulnerability) Unintended Form Submission Vulnerability in Apple 
Safari's XSS Auditor iTunes Man-in-the-Middle Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime 7.7.4 and Earlier Buffer Overflow Vulnerability in Apple QuickTime Allows Remote Code Execution or Denial of Service Buffer Overflow Vulnerability in Apple QuickTime 7.7.4 and Earlier Versions Buffer Overflow Vulnerability in Apple QuickTime 7.7.4 and Earlier JPEG Data Memory Corruption Vulnerability in Apple QuickTime Buffer Overflow Vulnerability in Apple QuickTime Allows Remote Code Execution or Denial of Service Buffer Overflow in Apple QuickTime Allows Remote Code Execution or Denial of Service Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Memory Initialization Vulnerability in CoreMedia Playback in Apple Mac OS X Buffer Overflow in CoreGraphics: Remote Code Execution and Application Crash via Crafted JBIG2 Data in PDF Document Buffer Overflow Vulnerability in ImageIO in Apple Mac OS X Revoked Certificate Bypass Vulnerability in Apple Mac OS X Installer Unverified X.509 Certificates in IPSec Implementation on Apple Mac OS X Denial of Service Vulnerability in Apple Mac OS X Kernel Password Exposure in MDMClient Command Line in Apple Mac OS X Power Management Locking Failure in Apple Mac OS X Memory Corruption Vulnerability in QuickTime Movie Files Bypassing Screen Lock in Apple Mac OS X before 10.8.5 through Screen-Sharing Access Multiple Cross-Site Scripting (XSS) Vulnerabilities in Apple Mac OS X Server Wiki Server iTunes ActiveX Control Remote Code Execution Vulnerability Arbitrary Code Execution and Memory Corruption Vulnerability in Safari for Apple iOS Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial 
of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Privilege Escalation via Symlink Attack in Debian Apache2 Package Remote Code Execution Vulnerability in cfingerd 1.4.3-3 via Buffer Overflow in RFC1413 Client Bypassing Screen Locking in gnome-screensaver Insecure Handling of InRelease Files in apt Privilege Escalation via PATH Environment Variable in pam-xdg-support Insecure Cryptographic Algorithm in remote-login-service's crypt.c Allows Username and Password Recovery Vulnerability: Unity-Firefox-Extension Package Allows for Unity Webapps Context Destruction Unity-Firefox-Extension Package Vulnerability: Crashing Firefox via Exploited C Callbacks Privilege Escalation and Denial of Service Vulnerability in X.org X Server 1.13.3 and Earlier Untrusted Search Path Vulnerability in MAAS-import-pxe-files Lack of File Integrity Verification in maas-import-pxe-files in MAAS before 13.10 Allows Remote File Modification NULL pointer dereference vulnerability in net/ceph/auth_none.c in the Linux kernel through 3.10 Privilege escalation vulnerability in Ubuntu Linux kernel build procedure Improper D-Bus Communication in Software Properties 0.92.17 and earlier PolkitUnixProcess PolkitSubject Race Condition Vulnerability in ubuntu-system-service Improper D-Bus Communication in usb-creator Allows Local Privilege Escalation PolkitUnixProcess PolkitSubject Race Condition 
Vulnerability in apt-xapian-index PolkitUnixProcess PolkitSubject Race Condition Vulnerability in Jockey Race condition vulnerability in language-selector before 0.110.1, 0.90.1, and 0.79.4 Weak Permissions for Core Dump Files in Apport 2.12.5 and Earlier Improper Sudo Configuration Vulnerability in OpenStack Nova and Cinder Packages World-readable permissions for txlongpoll.yaml in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4: Unauthorized Access to RabbitMQ Credentials Arbitrary Web Script Injection Vulnerability in Ubuntu Metal as a Service (MaaS) API Directory Traversal Vulnerability in ISCreateObject Method in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 Directory Traversal Vulnerability in Novell ZENworks Configuration Management Arbitrary File Inclusion Vulnerability in Novell ZENworks Mobile Management (ZMM) Arbitrary File Inclusion Vulnerability in Novell ZENworks Mobile Management Unspecified Login Vulnerability in Novell Identity Manager Reporting Module Arbitrary File Read Vulnerability in Novell ZENworks Configuration Management (ZCM) 11.2.3 Stack-based Buffer Overflow in Novell GroupWise Messenger and Novell Messenger Arbitrary Web Script Injection Vulnerability in Novell GroupWise WebAccess Client-side Cross-Site Scripting (XSS) Vulnerability in Novell GroupWise CSRF Vulnerability in Novell iManager 2.7 before SP6 Patch 1 Incorrect Ownership Vulnerability in SUSE Horde5 Package Remote Code Execution Vulnerability in Novell iPrint Client Unquoted Windows Search Path Vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 Open Redirect Vulnerability in ZCC Login Page in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 Cross-site scripting (XSS) vulnerability in ZCC page in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 Arbitrary Web Script Injection via onError Event in Novell ZENworks Configuration 
Management (ZCM) 11.2 Cross-site scripting (XSS) vulnerability in Novell Identity Manager Roles Based Provisioning Module 4.0.2 before Field Patch D Arbitrary Web Script Injection via onload Event in Novell ZENworks Configuration Management (ZCM) 11.2 Denial of Service Vulnerability in Cisco IOS on Catalyst Switches (Bug ID CSCuc53853) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (CSCtx80743) Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (CSCts87659) Arbitrary Code Execution Vulnerability in Cisco Wireless LAN Controller (WLC) Devices (Bug ID CSCuc15636) Cisco Wireless LAN Controller (WLC) SNMP Bypass Vulnerability Remote File Read Vulnerability in Cisco Webex Social Remote Authenticated User Can Remove Hands-On Lab-Session Reservations in Cisco WebEx Training Center (CSCzu81064) CSRF Vulnerability in Cisco WebEx Training Center Allows Unauthorized Deletion of Tests Privilege Bypass Vulnerability in Cisco WebEx Training Center Improper Access Control in Cisco ATA 187 Analog Telephone Adaptor Firmware 9.2.1.0 and 9.2.3.1 before ES Build 4 (Bug ID CSCtz67038) Cisco CRS Denial of Service Vulnerability Cisco Unified Communications Domain Manager XSS Vulnerability (Bug ID CSCue21042) Cisco Unity Express Multiple Cross-Site Scripting (XSS) Vulnerabilities (Bug ID CSCud87527) Buffer Overflow in Cisco WebEx ARF Player: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow in Cisco WebEx ARF Player: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in Cisco WebEx Recording Format (WRF) Player Cisco WebEx Recording Format (WRF) Player Stack-Based Buffer Overflow Vulnerability Buffer Overflow in Cisco WebEx Recording Format (WRF) Player: Remote Code Execution and Denial of Service Vulnerability Cisco Unity Express Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Denial of Service Vulnerability in Cisco NX-OS BGP Implementation (Bug ID CSCuf49554) Denial 
of Service Vulnerability in Cisco NX-OS on Nexus 7000 with OTV Configuration (CSCud15673) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified MeetingPlace 7.0 Cisco Network Admission Control (NAC) Agent on Mac OS X SSL Certificate Verification Vulnerability Privilege Escalation Vulnerability in Cisco Network Management Software Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Unified MeetingPlace Cisco Unity Connection 9.x Memory Leak Vulnerability (Bug ID CSCud59736) Weak Permissions in Cisco AnyConnect Secure Mobility Client on Mac OS X Denial of Service and Potential Impact Vulnerability in Cisco Small Business Wireless Access Points Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Domain Manager Denial of Service Vulnerability in Cisco Unified Communications Manager (CUCM) 8.6 and 9.x Unauthenticated Remote Cache-Poisoning Vulnerability in Cisco Unified Communications Manager (CUCM) Denial of Service Vulnerability in Cisco Prime Central for HCS Assurance 8.6 and 9.0 (CSCuc07155) Memory Management Vulnerability in Cisco IOS on ASR Route Processor 2 Denial of Service Vulnerability in Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 Denial of Service Vulnerability in Cisco ASA NAT Process (Bug ID CSCue46386) Privilege Escalation Vulnerability in Cisco Cloud Portal (Bug ID CSCud81134) XML External Entity (XXE) Vulnerability in Cisco Security Monitoring, Analysis, and Response System (MARS) Buffer Management Vulnerability in Cisco Wireless LAN Controller Devices VRF-aware NAT Race Condition Vulnerability Denial of Service Vulnerability in Cisco IOS and IOS XE RSVP Protocol Implementation Cisco IOS 15.1 IKEv1 Memory Leak Vulnerability Cisco IOS Zone-Based Policy Firewall SIP Application Layer Gateway Inspection Memory Leak Vulnerability Smart Install Client Denial of Service Vulnerability Cisco IOS Protocol Translation Denial of Service Vulnerability Denial of Service Vulnerability in Cisco IOS and IOS XE 
(Bug ID CSCuc72594) Denial of Service Vulnerability in Cisco Adaptive Security Appliances (ASA) and Firewall Services Module (FWSM) Cisco ASA Authentication-Proxy Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Adaptive Security Appliances (ASA) Devices Denial of Service Vulnerability in Cisco ASA Devices (Bug ID CSCuc80080) Cisco Prime Infrastructure Cross-Site Request Forgery (CSRF) Vulnerability Denial of Service Vulnerability in Cisco Small Business Switches (CSCua30246) Denial of Service Vulnerability in Cisco Firewall Services Module (FWSM) Software Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability (Bug ID CSCud51034) IBM Tivoli Monitoring (ITM) Java Servlet Container Cross-Site Scripting (XSS) Vulnerability IBM Tivoli Monitoring (ITM) Help Menus Cross-Site Scripting (XSS) Vulnerability Netcool Impact (NCI) Web Menus Cross-Site Scripting (XSS) Vulnerability OpenView Web Menus XSS Vulnerability in Cisco Prime Central for Hosted Collaboration Solution (Bug ID CSCud56743) Denial of Service Vulnerability in Cisco Jabber IM Application for Android (Bug ID CSCue38383) Denial of Service Vulnerability in Cisco IOS XR Traffic Engineering Processing Subsystem (Bug ID CSCue04000) Multiple SQL Injection Vulnerabilities in Cisco Connected Grid Network Management System (CG-NMS) Denial of Service Vulnerability in Cisco IOS XE 3.4 Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Series Routers (Bug ID CSCtz23293) Denial of Service Vulnerability in Cisco IOS XE on ASR Routers with VRF-aware NAT and SIP ALG Denial of Service Vulnerability in Cisco IOS XE on ASR 1000 Series Routers (Bug ID CSCtt11558) Session Hijacking Vulnerability in Cisco Unified MeetingPlace Application Server Improper Cookie Verification in Cisco Unified MeetingPlace Web Conferencing Server (Bug ID CSCuc64846) Default Password Vulnerability in Cisco Prime Network Control System (NCS) Multiple Cross-Site Scripting (XSS) 
Vulnerabilities in Cisco Connected Grid Network Management System (CG-NMS) Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client Heap-based Buffer Overflow in Cisco AnyConnect Secure Mobility Client (CVE-2013-3462) Denial of Service Vulnerability in Cisco Tivoli Business Service Manager (TBSM) Denial of Service Vulnerability in Cisco TelePresence MCU and TelePresence Server SQL Injection Vulnerability in Cisco Network Admission Control (NAC) Manager Multiple Buffer Overflows in Cisco Discovery Protocol (CDP) Implementation on Nexus, MDS, UCS, and CGR Devices Buffer Overflow Vulnerabilities in Cisco NX-OS and MDS 9000 Devices Buffer Overflow Vulnerability in Cisco NX-OS and MDS 9000 Devices via Crafted SNMP Request (CSCtx54822) Denial of Service Vulnerability in Cisco NX-OS, Nexus 5500, Nexus 3000, and UCS 6200 Devices Bypassing LDAP Authentication in Cisco UCS Web Console (Bug ID CSCtc91207) Buffer Overflow Vulnerability in Cisco UCS IPMI Manager Component (CSCtd32371) Denial of Service Vulnerability in Cisco UCS Manager XML API Information Disclosure Vulnerability in Cisco UCS Manager Bypassing KVM Authentication in Cisco Unified Computing System (UCS) Denial of Service Vulnerability in Cisco Jabber XCP (Bug ID CSCts76762) Denial of Service Vulnerability in Cisco Unified Communications Manager (CUCM) Denial of Service Vulnerability in Cisco uBR 10000 Series Routers with IPv4/IPv6 Dual-Stack Modem (CSCue15313) Inadequate Port Restriction in Cisco UCS C-Series Rack Server Component 1.4 Privilege Escalation in Cisco NX-OS 6.1 on Nexus 7000 Devices with Multiple VDCs Arbitrary Command Execution Vulnerability in Cisco Device Manager for Cisco MDS 9000 and Nexus 5000 Devices Denial of Service Vulnerability in Cisco ASA and FWSM SSH Implementation IKE Aggressive-Mode Vulnerability in Cisco ASA Devices (Bug ID CSCue73708) Time-based ACL Bypass Vulnerability in Cisco ASA and FWSM Devices Privilege Escalation Vulnerability in Cisco Network Management 
Software XML Parser Denial of Service Vulnerability in Cisco Unified Presence (CUP) (Bug ID CSCue13912) Cisco UCS Central Flash Component Cross-Site Scripting (XSS) Vulnerability Race condition vulnerability in CIFS implementation in Cisco ASA devices allows remote authenticated users to cause denial of service Session Fixation Vulnerability in Cisco Secure Access Control System (ACS) Cisco ACE A2(3.6) Log Retention Denial of Service Vulnerability Denial of Service Vulnerability in Cisco ASA CX Context-Aware Security Software (Bug ID CSCue88386) Cisco IOS XR SNMP Memory Leak Vulnerability Unauthenticated Access to Host Keys and Event Passwords in Cisco WebEx Meetings Server Vulnerability in Cisco NX-OS on Nexus 1000V Allows Remote Interception or Modification of Network Traffic (Bug ID CSCud14691) Authentication Bypass Vulnerability in Cisco NX-OS on Nexus 1000V Denial of Service Vulnerability in Cisco Nexus 1000V Virtual Ethernet Module (VEM) Authentication Bypass Vulnerability in Cisco NX-OS on Nexus 1000V Improper X.509 Certificate Verification in Cisco NX-OS on Nexus 1000V Improper Priority Assignment in Cisco NX-OS on Nexus 1000V Privilege Escalation Vulnerability in Cisco Unified CCX Scripts Editor (CSCuf77546) Privilege Escalation Vulnerability in Cisco ASA 5505 Easy VPN Component (Bug ID CSCuf85295) Cisco IOS XR SNMP Module Memory Leak Vulnerability Buffer Management Vulnerability in Cisco IOS SNMP Implementation (Bug ID CSCub41105) Denial of Service Vulnerability in Cisco ASA 5500-X IPS-SSP Software Denial of Service Vulnerability in Cisco IPS SensorApp (Bug ID CSCuc74630) Denial of Service Vulnerability in Cisco Unified Customer Voice Portal Software (CVE-2013-3462) Arbitrary Code Execution Vulnerability in Cisco Unified Customer Voice Portal Software Arbitrary Custom Web Application Launch Vulnerability in Cisco Unified Customer Voice Portal Software Arbitrary File Read Vulnerability in Cisco Unified Customer Voice Portal (CVP) Software Directory 
Traversal Vulnerability in Cisco Unified Customer Voice Portal (CVP) Software XML External Entity (XXE) Vulnerability in Cisco Unified Customer Voice Portal (CVP) Software Denial of Service Vulnerability in Cisco NX-OS on Nexus 7000 Devices (Bug ID CSCug47098) Cisco Unified Communications Domain Manager XSS Vulnerability (Bug ID CSCug37902) Unverified X.509 Certificates Vulnerability in Cisco Jabber on Windows (Bug ID CSCug30280) Denial of Service Vulnerability in TMSSNMPService.exe in Cisco TelePresence Management Suite Denial of Service Vulnerability in Cisco Unified Communications Domain Manager (Bug ID CSCug47057) Remote Code Execution Vulnerability in Cisco WebEx Node for MCS and WebEx Meetings Server Uninitialized Memory Read Vulnerability in Cisco WebEx Node Denial of Service Vulnerability in Cisco IOS XR SNMP Module (Bug ID CSCue69472) Cisco Wireless LAN Controller (WLC) Denial of Service Vulnerability Denial of Service Vulnerability in Cisco TelePresence Supervisor MSE 8050 Arbitrary File Read Vulnerability in Cisco Unified Communications Manager (CUCM) Command-Line Interface (CLI) (Bug ID CSCue25770) Denial of Service Vulnerability in Cisco IOS on ISR G2 Routers (Bug ID CSCub92025) Cisco Unified Presence (CUP) Server Memory Leak Vulnerability Denial of Service Vulnerability in Cisco Intrusion Prevention System Software Cross-Site Scripting (XSS) Vulnerability in Cisco WebEx Social Portal Module (Bug ID CSCue67199) Bypassing Access Restrictions in Cisco WebEx Social User-Management Page (Bug ID CSCue67190) Denial of Service Vulnerability in Cisco TelePresence System Software (Bug ID CSCug77610) Cisco Prime Infrastructure XSS Vulnerability in Wireless Configuration Module Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege 
escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and 
arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Race condition vulnerability in win32k.sys allows local privilege escalation and arbitrary kernel memory read Kernel Privilege Escalation Vulnerability Kernel Privilege Escalation Vulnerability Windows Kernel Reference Count Vulnerability NULL Dereference Vulnerability in Microsoft Windows Server 2008 R2, R2 SP1, and Server 2012 Memory Consumption Vulnerability in Microsoft Active Directory Services Win32k.sys Race Condition Privilege Escalation Vulnerability Kernel Privilege Escalation via Race Condition Vulnerability in Microsoft Windows 8, Windows Server 2012, and Windows RT Windows USB Object Handling Vulnerability Windows USB Object Handling Vulnerability Windows USB Object Handling Vulnerability Internet Explorer CTreeNode Use After Free Vulnerability HTML Sanitization Vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 Incorrect Access Rights Information Disclosure Vulnerability in Microsoft SharePoint Server 2013 Win32k Font Parsing Vulnerability Win32k.sys Race Condition 
Privilege Escalation Vulnerability NTFS NULL Pointer Dereference Vulnerability Kernel Privilege Escalation Vulnerability CSRSS Memory Corruption Vulnerability RDP ActiveX Control Remote Code Execution Vulnerability JSON Array Information Disclosure Vulnerability in Microsoft Internet Explorer 6-8 Remote Link Spoofing Vulnerability in Microsoft Windows Modern Mail Win32k Memory Allocation Vulnerability XML External Entities Resolution Vulnerability in Microsoft Visio 2003, 2007, and 2010 Lync RCE Vulnerability: Remote Code Execution in Microsoft Communicator and Lync Server Internet Explorer Use-After-Free Remote Code Execution Vulnerability Internet Explorer Use-After-Free Remote Code Execution Vulnerability HTTP.sys Denial of Service Vulnerability Internet Explorer 9 Use-After-Free Vulnerability Internet Explorer Use-After-Free Vulnerability Internet Explorer Use-After-Free Remote Code Execution Vulnerability Internet Explorer Use-After-Free Remote Code Execution Vulnerability Internet Explorer Use After Free Vulnerability Internet Explorer 8 Use-After-Free Vulnerability Internet Explorer Use After Free Vulnerability OLE Automation Remote Code Execution Vulnerability Microsoft Office Memory Corruption Vulnerability Publisher Negative Value Allocation Vulnerability Publisher Integer Overflow Vulnerability Publisher Corrupt Interface Pointer Vulnerability Publisher Return Value Handling Vulnerability Remote Code Execution Vulnerability in Microsoft Publisher 2003 SP3 Publisher Return Value Validation Vulnerability Publisher Invalid Range Check Vulnerability Publisher Incorrect NULL Value Handling Vulnerability Word Stack Buffer Overwrite Vulnerability in Microsoft Office Word Heap Overwrite Vulnerability Publisher Signed Integer Vulnerability Publisher Pointer Handling Vulnerability Microsoft Publisher 2003 SP3 Integer Signedness Error Vulnerability MAC Disabled Vulnerability in Microsoft SharePoint and Office Web Apps PNG Data Buffer Overflow in Microsoft Office 
2003 SP3 and Office 2011 for Mac DirectX Graphics Kernel Subsystem Double Fetch Vulnerability Win32k.sys Buffer Overflow Vulnerability in Windows 7 SP1 Win32k Window Handle Vulnerability Word Shape Corruption Vulnerability XML Digital Signature Spoofing Vulnerability .NET Framework 4.5 Authentication Bypass Vulnerability Internet Explorer Use-After-Free Remote Code Execution Vulnerability Print Spooler Memory Management Vulnerability Win32k Dereference Vulnerability Win32k Multiple Fetch Vulnerability Win32k Multiple Fetch Vulnerability Win32k Multiple Fetch Vulnerability Win32k Multiple Fetch Vulnerability Win32k.sys Memory Object Handling Vulnerability Remote Code Execution Vulnerability in Microsoft Malware Protection Engine Memory Object Handling Vulnerability in Microsoft Internet Explorer 8 Arbitrary PHP Code Execution in Symfony 2.0.x (CVE-2013-1397) Remote Code Execution via Eval Injection in openSIS 4.5 through 5.2 Multiple Security Bypass Vulnerabilities in Verax NMS prior to 2.1.0 Authentication Bypass Vulnerability in Verax NMS prior to 2.10 Hardcoded Encryption Key Vulnerability in Verax NMS Prior to 2.1.0 Cross-Site Scripting (XSS) Vulnerability in Orange HRM 2.7.1 via Vacancy Name Root Account Access Vulnerability in DELL SonicWALL Analyzer, Global Management System (GMS), Universal Management Appliance (UMA), and ViewPoint Authentication Bypass Vulnerability in DELL SonicWALL Global Management System (GMS), Analyzer, UMA, and ViewPoint Untrusted Search Path Vulnerability in Lenovo Thinkpad Bluetooth Software Incomplete Blacklist Vulnerability in NRPE Allows Remote Command Execution LDAP Configuration Override Vulnerability in Zabbix Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 
3.6.0.599 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 allows arbitrary code execution Buffer overflow vulnerability in Adobe Flash Player and Adobe AIR before 3.6.0.599 Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows arbitrary code execution Heap-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR Buffer Overflow Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Digital Editions 2.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK & Compiler Uninitialized Pointer Arrays Vulnerability in Adobe Flash Player, Adobe AIR, and Adobe AIR SDK & Compiler Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Address Information Disclosure Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player User Impersonation Vulnerability in Adobe ColdFusion Versions 9.0 and 10 Unspecified vulnerability in Adobe ColdFusion allows unauthorized administrator-console access Unspecified Remote Code Execution Vulnerability in Adobe ColdFusion Authentication Bypass Vulnerability in Multiple CCTV Systems Allows Remote Retrieval of Device Configuration Arbitrary Code Injection Vulnerability in CurvyCorners Drupal Module Arbitrary PHP Code Execution Vulnerability in Symfony 2.x Insecure Access Control in Puppet Enterprise Allows Privilege Escalation and 
Information Disclosure Cross-Site Request Forgery (CSRF) Vulnerabilities in Puppet Enterprise Console SQL Injection Vulnerabilities in WordPress Poll Plugin 34.5: Arbitrary SQL Command Execution Remote Code Execution Vulnerabilities in WordPress Poll Plugin 34.5 Unauthenticated Remote Information Disclosure in DigiLIBE 3.4 Authentication Protocol Vulnerability in VMware vCenter Server, VirtualCenter, vSphere Client, VI-Client, ESXi, and ESX Memory Allocation Vulnerability in VMware Virtual Machine Communication Interface (VMCI) Implementation Multiple Cross-Site Scripting (XSS) Vulnerabilities in Events Manager Plugin for WordPress SQL Injection Vulnerabilities in Wysija Newsletters Plugin for WordPress Arbitrary Script Injection in CommentLuv Plugin for WordPress Multiple XSS Vulnerabilities in Perforce P4web 2011.1 and 2012.1 Arbitrary PHP Code Execution in DataLife Engine (DLE) 9.7 via catlist[] Parameter Unsanitized User Input Allows Cross-Site Scripting (XSS) Attacks in synetics i-doit Open and Pro Versions Cross-Site Request Forgery (CSRF) Vulnerabilities in Fortinet FortiOS Firewall Devices Denial of Service via Malformed KRB5_PADATA_PK_AS_REQ AS-REQ Request in MIT Kerberos 5 Denial of Service Vulnerability in MIT Kerberos 5 (krb5) before 1.10.5 Denial of Service Vulnerability in MIT Kerberos 5 KDC Denial of Service Vulnerability in MIT Kerberos 5 KDC Cross-Site Scripting (XSS) Vulnerabilities in GetSimple CMS before 3.2.1 Arbitrary Web Script Injection in Craig Knudsen WebCalendar WebCalendar before 1.2.7 Login Failure Information Disclosure Vulnerability Vulnerability: Arbitrary File Permissions Change and Information Disclosure in FusionForge 5.0-5.2 Exposure of Password Hashes in ldap-git-backup (before 1.0.4) due to Incorrect Directory Permissions Arbitrary Web Script Injection in Mahara TinyMCE Editor Predictable Socket File Name Vulnerability in FastCGI PHP Support for lighttpd Stack-based Buffer Overflow in receive_tcppacket function in tinc 
Information Disclosure Vulnerability in Lintian before 2.5.12 Insecure Password Storage in xrdp TLS Verification Bypass in Wocky Module of Telepathy Gabble Xen XSA-45: Improper Page Reference Maintenance Vulnerability SQL Injection Vulnerabilities in Cacti API Poller and Utility Files Arbitrary Command Execution in Cacti SNMP and RRD PHP Files Remote Code Execution via XMonad.Hooks.DynamicLog Module Eval Injection Vulnerability in Module-Metadata Module: Remote Code Execution via $Version Denial of Service Vulnerability in dcraw 0.8.x through 0.8.9 NULL Pointer Dereference Vulnerability in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 Uninitialized setjmp Variable in ExactImage 0.8.9 and Earlier Allows Denial of Service Information Leakage Vulnerability in Xen 4.0 through 4.3.x Denial of Service Vulnerability in Django Authentication Framework Local File Overwrite Vulnerability in Debian Patch for txt2man 1.5.5 Insecure PRNG Reseeding in PyCrypto's Crypto.Random.atfork Function Denial of Service Vulnerability in OpenJPEG 1.3 and Earlier Proxy Misconfiguration Vulnerability in Microsoft Internet Explorer 8 and 9 Inconsistent SSL Lock Icon Vulnerability in Microsoft Internet Explorer 8 and 9 Arbitrary PHP Object Unserialization and Multiple Attacks in Joomla! 3.0.x and 2.5.x Unspecified Coding Errors in Joomla! 3.0.x through 3.0.2 Allow Sensitive Information Disclosure Unspecified Vector Vulnerability in Joomla! 
3.0.x through 3.0.2 SOAPAction Header Denial of Service Vulnerability Denial of Service Vulnerability in MiniUPnP MiniUPnPd 1.0 Cross-site scripting (XSS) vulnerability in WP-Table Reloaded module before 1.9.4 for WordPress Arbitrary Script Injection in Audio Player Plugin for WordPress Arbitrary PHP Object Unserialization in CubeCart::_basket Method Multiple Cross-Site Scripting (XSS) Vulnerabilities in glFusion before 1.2.2.pl4 CSRF vulnerability in Piwigo LocalFiles Editor Plugin Allows Arbitrary PHP File Creation Piwigo install.php Directory Traversal Vulnerability Arbitrary Web Script Injection in Geeklog Calendar Plugin Cross-Site Scripting (XSS) Vulnerabilities in Fortinet FortiMail Appliances Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE and OpenJDK Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified 2D Vulnerability in Java Runtime Environment (JRE) Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability via AWT vectors Unspecified Sound-related Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified vulnerability in Oracle Java SE JavaFX 2.2.4 and earlier Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7 Update 13 and earlier Unspecified 
vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via JMX vectors Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality, integrity, and availability Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Java Runtime Environment (JRE) Java Security Slider vulnerability Unspecified User-Assisted Remote Bypass Vulnerability in Oracle Java SE 7 Update 11 Arbitrary Code Execution Vulnerability in Oracle Java SE 7 Update 17 and Earlier Unspecified Buffer Overflow Vulnerability in yaSSL Java SE Color Management Vulnerability Unspecified Vulnerability in Oracle Sun Solaris 10 on SPARC T4 Servers Affecting Kernel Availability Symlink Attack Vulnerability in Oracle Auto Service Request Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Remote Integrity Vulnerability in Oracle COREid Access Component Unspecified Local Denial of Service Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified Network Configuration Vulnerability in Oracle Sun Solaris 11 Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to affect confidentiality and integrity Unspecified Remote Integrity Vulnerability in Oracle iStore Component Unspecified Local Availability Vulnerability in Oracle MySQL Server Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect confidentiality and integrity Unspecified Remote Server Locking Vulnerability in Oracle MySQL Unspecified Filesystem Vulnerability in Oracle Sun Solaris 10 and 11 Unspecified vulnerability in Oracle GlassFish Server allows remote attackers to affect integrity via REST Interface vectors Unspecified Integrity Vulnerability in Oracle 
WebCenter Sites Component Unspecified Confidentiality Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Availability Vulnerability in Oracle MySQL Unspecified Remote Availability Vulnerability in Oracle MySQL 5.5.29 and Earlier Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified RMI Support Integrity Vulnerability in Oracle Containers for J2EE Unspecified Remote Integrity Vulnerability in Oracle GlassFish Server Unspecified Remote Code Execution Vulnerability in Oracle WebCenter Capture Component Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via JAXP vectors Unspecified Remote Integrity Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 Unspecified Remote Server Locking Vulnerability in Oracle MySQL Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified Remote Code Execution Vulnerability in Oracle MySQL Server Optimizer Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 12.0.6 and 12.1.3 Unspecified Confidentiality Vulnerability in Oracle Retail Integration Bus Manager Unspecified Remote Availability Vulnerability in Oracle MySQL Server Replication Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle HRMS Component of Oracle E-Business Suite Unspecified Remote Integrity Vulnerability in Oracle WebCenter Interaction Component Unspecified Kernel Vulnerability in Oracle Sun Solaris 10 Unspecified Remote Server Privileges Vulnerability in Oracle MySQL 5.1.66 and Earlier and 5.5.28 and Earlier Unspecified Information Schema Vulnerability in Oracle MySQL Unspecified vulnerability in Oracle FLEXCUBE Direct Banking 
component in Oracle Financial Services Software Unspecified vulnerability in Oracle Database Server Workload Manager component in RAC configurations Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Confidentiality Vulnerability in Oracle Transportation Management Component Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote code execution via RMI Unspecified Remote Availability Vulnerability in Oracle Database Server 11.2.0.2 and 11.2.0.3 Confidentiality vulnerability in Oracle FLEXCUBE Direct Banking component Unspecified Remote Code Execution Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component affecting confidentiality Unspecified Remote Integrity Vulnerability in Oracle Containers for J2EE in Oracle Fusion Middleware 10.1.3.5 Unspecified Confidentiality Vulnerability in Oracle Siebel CRM's Siebel UI Framework Component Unspecified vulnerability in Oracle MySQL allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language Unspecified Remote Code Execution Vulnerability in Oracle HTTP Server Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows local users to affect confidentiality Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Remote Availability Vulnerability in Oracle MySQL 5.1.63 and Earlier Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified vulnerability in Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Remote Vulnerability in Oracle MySQL 5.1.67 and Earlier and 5.5.29 and Earlier Unspecified vulnerability in Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 Unspecified Remote Code Execution 
Vulnerability in Oracle Database Server Unspecified Remote Availability Vulnerability in Oracle MySQL Server Partition Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Unspecified Remote Code Execution Vulnerability in Oracle WebCenter Content Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Confidentiality Vulnerability in Java Runtime Environment (JRE) and JavaFX Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Integrity Vulnerability in Java Runtime Environment (JRE) and JavaFX Unspecified Remote Code Execution Vulnerability in Oracle GoldenGate Veridata Component Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.10 and Earlier Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.10 and Earlier Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect availability Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. 
Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.10 and Earlier Related to MemCached Unspecified vulnerability in Javadoc component allowing remote attackers to affect integrity Denial of Service Vulnerability in Wireshark 1.6.x and 1.8.x Denial of Service Vulnerability in Wireshark CSN.1 Dissector Denial of Service Vulnerability in Wireshark Bluetooth HCI Dissector Denial of Service Vulnerability in Wireshark R3 Dissector Denial of Service Vulnerability in Wireshark SDP Dissector Denial of Service Vulnerability in Wireshark SIP Dissector Denial of Service Vulnerability in Wireshark's dissect_pw_eth_heuristic Function Denial of Service Vulnerability in Wireshark RTPS Dissector Denial of Service Vulnerability in Wireshark DOCSIS CM-STATUS Dissector Denial of Service Vulnerability in Wireshark DCP-ETSI Dissector Denial of Service Vulnerability in Wireshark CLNP Dissector Remote Denial of Service Vulnerability in Wireshark DTN Dissector Remote Denial of Service Vulnerability in Wireshark DTN Dissector Denial of Service Vulnerability in Wireshark MS-MMC Dissector Denial of Service Vulnerability in Wireshark DTLS Dissector Denial of Service Vulnerability in ROHC Dissector in Wireshark 1.8.x before 1.8.5 Multiple Buffer Overflows in DCP-ETSI Dissector in Wireshark Double Free Vulnerability in Wireshark Dissection Engine Buffer Overflow Vulnerability in Wireshark NTLMSSP Dissector Stack-based Buffer Overflow in libpixman Buffer Overflow Vulnerability in SAP Message Server Service Denial of Service Vulnerability in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 Clear Text Storage of Wireless Keys and 3rd Party Credentials in Vivotek PT7135 IP Camera 0300a and 0400a Buffer Overflow Vulnerability in Vivotek PT7135 IP Camera 0300a and 0400a via Authorization Header Field Vivotek PT7135 IP Camera Authentication Bypass Vulnerability Directory Traversal Vulnerability in Vivotek PT7135 IP Cameras 0300a and 0400a Command Injection Vulnerability in Vivotek PT7135 
IP Cameras 0300a and 0400a Command Injection Vulnerability in D-Link IP Cameras DCS-3411/3430 and Others Authentication Bypass Vulnerability in D-Link TESCO DCS-2121 and DCS-2102 Cameras Information Disclosure Vulnerability in D-LINK Live Video Stream Processing Authentication Cookie Validation Vulnerability in D-Link IP Cameras and Video Management System Hard-coded Credentials Vulnerability in D-LINK and TESCO IP Cameras MayGion IP Cameras Directory Traversal Vulnerability Remote Code Execution Vulnerability in MayGion IP Cameras Buffer Overflow in Ubiquiti UBNT AirCam RTSP Service Code Execution Vulnerability in Ruby PDFKit Gem (prior to 0.5.3) Directory Traversal Vulnerability in Symantec NetBackup Appliance Management Console Unquoted Windows Search Path Vulnerabilities in Symantec Enterprise Vault Unquoted Windows Search Path Vulnerability in Symantec PGP Desktop and Symantec Encryption Desktop Cross-Site Scripting (XSS) Vulnerabilities in Symantec Brightmail Gateway 9.5.x Administrative Interface Buffer Overflow Vulnerability in Symantec Endpoint Protection Manager and Symantec Endpoint Protection Center SQL Injection Vulnerability in Symantec Security Information Manager (SSIM) Management Console Cross-Site Scripting (XSS) Vulnerabilities in Symantec Security Information Manager (SSIM) Appliance Management Console Unspecified API Calls Vulnerability in Symantec Security Information Manager (SSIM) Management Console Command Injection Vulnerability in Symantec Web Gateway Management Console SQL Injection Vulnerabilities in Symantec Web Gateway Appliance Management Console Timing Side-Channel Vulnerability in Opera TLS Implementation Timing Side-Channel Vulnerability in GnuTLS TLS Implementation Timing Side-Channel Vulnerability in Mozilla Network Security Services (NSS) Array Index Error in SSL Module in PolarSSL: Denial of Service via Crafted Padding-Length Value Timing Side-Channel Vulnerability in wolfSSL CyaSSL Timing Side-Channel Vulnerability in Bouncy 
Castle TLS Implementation Absolute Path Traversal Vulnerability in Indusoft Studio and Advantech Studio Insecure Package Retrieval and Execution Vulnerability in pip Arbitrary Code Execution via Man-in-the-Middle Attack in PyShop Information Leakage Vulnerability in Verax NMS Prior to 2.1.0: Connection Details Exposed during Repair Table Action Arbitrary Code Execution via Insecure Package Retrieval in easy_install Denial of Service Vulnerability in Intel e1000e/82574L Network Controller Devices Bypassing Access Restrictions via Cached SOAP WSDL Files Arbitrary Script Injection via Open Flash Chart (open-flash-chart.swf) Arbitrary Code Execution Vulnerability in Opera before 12.13 via DOM Events Arbitrary Code Execution Vulnerability in Opera (CVE-2013-4107) CORS Vulnerability in Opera before 12.13 Allows CSRF Bypass Arbitrary Code Execution Vulnerability in Puppet Server Directory Traversal Vulnerability in QuiXplorer Allows Remote File Read Multiple Cross-Site Scripting (XSS) Vulnerabilities in QuiXplorer before 2.5.5 Arbitrary File Read Vulnerability in PHP SOAP Parser Open-Xchange Server Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange Server CRLF Injection Vulnerabilities in Open-Xchange Server Server-side request forgery (SSRF) vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 Weak Password Hashing Algorithm in Open-Xchange Server Weak Permissions Vulnerability in Open-Xchange Server Unverified SSL Certificate Vulnerability in OXUpdater Arbitrary Catalog Read and Cache Poisoning Vulnerability in Puppet Arbitrary Code Execution Vulnerability in Puppet SSLv2 Downgrade Vulnerability in Puppet 2.7.x and 3.1.x Arbitrary Code Execution in Puppet 2.7.x and 3.1.x Arbitrary Code Execution Vulnerability in Spree Commerce 1.0.x through 1.3.2 VMware vCenter Server and ESXi NFC Protocol Man-in-the-Middle Vulnerability VMware ESXi and ESX Denial of Service 
Vulnerability through NFC Protocol Privilege escalation vulnerability in VMware Workstation and Player on Debian GNU/Linux XML Entity Expansion (XEE) Vulnerability in Python XML Libraries XML External Entity (XXE) vulnerability in Python XML libraries Code Injection Vulnerability in Foswiki's MAKETEXT Macro Denial of Service Vulnerability in Perl's Rehash Mechanism Arbitrary Command Execution via File Upload in CosCMS Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox and Thunderbird Path Disclosure Vulnerability in Mozilla Firefox Privilege Escalation via Junctions in Mozilla Software Privilege Escalation via Mozilla Updater in Mozilla Firefox on Windows Remote Code Execution Vulnerability in Mozilla Firefox and Thunderbird Information Disclosure Vulnerability in Mozilla Firefox and Thunderbird Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox and Thunderbird Out-of-bounds read vulnerability in gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox, Thunderbird Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox and Thunderbird Use-After-Free Vulnerability Use-after-free vulnerability in nsFrameList::FirstChild function in Mozilla Firefox and Thunderbird before 21.0 allows remote code execution or denial of service Use-after-free vulnerability in nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and Thunderbird Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox Mozilla Firefox Use-After-Free Vulnerability in HTMLMediaElement::LookupMediaElementURITable Function Use-after-free vulnerability in nsIDocument::GetRootElement function in Mozilla Firefox before 22.0 Mozilla Firefox 
Use-After-Free Vulnerability in ResetDir Function XBL User-Defined Function Vulnerability in Mozilla Firefox and Thunderbird Arbitrary JavaScript Execution Vulnerability in Mozilla Firefox Denial of Service Vulnerability in Mozilla Firefox 20.0a1 and Earlier Memory Corruption Vulnerability in Mozilla Firefox and Thunderbird CSRF Vulnerability in Mozilla Firefox and Thunderbird Timing-based Information Leakage in SVG Filter Implementation PreserveWrapper Implementation Vulnerability in Mozilla Firefox and Thunderbird Bypassing Access Restrictions in Mozilla Firefox via IFRAME Element Clickjacking Vulnerability in Mozilla Firefox Arbitrary JavaScript Code Execution via XrayWrapper in Mozilla Firefox and Thunderbird Improper URL Referencing in getUserMedia Permission Implementation in Mozilla Firefox IDN Spoofing Vulnerability in Mozilla Firefox Privilege Escalation via Mozilla Maintenance Service in Mozilla Firefox Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Use-after-free vulnerability in nsINode::GetParentNode function in Mozilla Firefox and SeaMonkey Heap-based Buffer Underflow in cryptojs_interpret_key_gen_type Function in Mozilla Firefox and SeaMonkey Stack-based Buffer Overflow in Mozilla Maintenance Service in Mozilla Firefox and Thunderbird Privilege Escalation via Stack-based Buffer Overflow in Mozilla Updater Denial of Service Vulnerability in Mozilla Firefox and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary JavaScript Execution and XSS in Mozilla Firefox, Thunderbird, and SeaMonkey XrayWrapper Implementation Vulnerability in Mozilla Firefox and SeaMonkey Untrusted Search Path Vulnerabilities in Mozilla Updater Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Cross-Site Scripting (XSS) Vulnerability in Mozilla Firefox, 
Thunderbird, and SeaMonkey Privilege Escalation via Untrusted Search Path Vulnerabilities in Mozilla Firefox Arbitrary File Read Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Heap-based Buffer Over-read Vulnerability in nsHtml5TreeBuilder::resetTheInsertionMode Function Integer Overflow in drawLineLoop Function in libGLESv2 Library in ANGLE Use-after-free vulnerability in nsAnimationManager::BuildAnimations function in Mozilla Firefox and Thunderbird allows remote code execution or denial of service Denial of Service Vulnerability in NativeKey Widget Use-after-free vulnerability in HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote code execution or denial of service Improper Initialization of JavaScript Objects in Mozilla Products Privilege Escalation via Insecure MAR File Handling in Mozilla Software Symlink-based Same Origin Policy Bypass in Mozilla Firefox for Android Memory Initialization Vulnerability in IonMonkey JavaScript Engine WebGL Vulnerability: Remote Desktop-Screenshot Data Leakage in Mozilla Firefox Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Untrusted Search Path Vulnerability in Mozilla Firefox for Android Buffer Overflow in nsFloatManager::GetFlowArea Function in Mozilla Firefox and Thunderbird Bugzilla 4.4.x CSRF Vulnerability in process_bug.cgi Bugzilla Attachment Change CSRF Vulnerability Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability Memory Corruption Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Improper Identification of this Object in Mozilla Products Use-after-free vulnerability in JS_GetGlobalForScopeChain function in Mozilla Firefox, Thunderbird, and SeaMonkey before 24.0 
allows remote code execution Uninitialized Data Structures Vulnerability in Mozilla Network Security Services (NSS) Arbitrary X.509 Certificate Spoofing Vulnerability in Mozilla NSS Integer Overflow Vulnerability in Mozilla Network Security Services (NSS) 3.15 Cross-Site Scripting (XSS) Vulnerabilities in Bugzilla editflagtypes.cgi Cross-Site Scripting (XSS) Vulnerabilities in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 via report.cgi Remote Code Execution Vulnerability in IRIS Citations Management Tool Denial of Service Vulnerability in ngIRCd 20 and 20.1 via KICK Command Multiple SQL Injection Vulnerabilities in PHP Address Book 8.2.5 via edit.php and import.php Arbitrary Script Injection in PHP Address Book 8.2.5 via Address Field Heap-based Buffer Overflow in RealPlayer and RealPlayer SP Allows Remote Code Execution via Malformed MP4 File Remote Command Execution in TWiki before 5.1.4 via Crafted Parameter Value Denial of Service Vulnerability in Python XMLRPC Client Library Arbitrary Code Execution Vulnerability in Dragonfly Gem for Ruby on Rails Arbitrary Script Injection in Marekkis Watermark Plugin for WordPress Arbitrary Code Injection through Responsive Logo Slideshow Plugin in WordPress Multiple XSS and HTML Injection Vulnerabilities in The Bug Genie before 3.2.6 Buffer Overflow Vulnerability in stunnel 4.21 through 4.54 with CONNECT Protocol and NTLM Authentication Privilege escalation vulnerability in Linux kernel before 3.7.10 via large family value in Netlink message Local Privilege Escalation via Zypper Package Downgrade Cross-Site Scripting (XSS) Vulnerabilities in smart-flv WordPress Plugin Insecure Group Ownership Setting in libvirt 1.0.2 and Earlier Use-after-free vulnerability in shmem_remount_fs function in Linux kernel before 3.7.10 Arbitrary Code Execution via Crafted OpenJPA Objects Denial of Service Vulnerability in Telepathy Gabble 0.16.x and 0.17.x Arbitrary Script Injection in Ganglia Web 3.5.7 via 
views_view.php World-readable log file in Monkeyd web server on Gentoo Buffer overflow vulnerability in log_prefix function in Linux kernel 3.x before 3.4.33 Buffer Overflow in VFAT Filesystem Implementation in Linux Kernel NULL pointer dereference vulnerability in Linux kernel before 3.7.4 allows denial of service via /dev/ttyUSB read or write operation on disconnected Edgeport USB serial converter Time Restriction Bypass Vulnerability in Sudo Local privilege escalation vulnerability in sudo Arbitrary Code Execution via JMX Remoting in Apache Geronimo Arbitrary Script Injection Vulnerability in Creative Theme for Drupal Cross-site scripting (XSS) vulnerability in Fresh theme's 3 slide gallery in Drupal before 7.x-1.4 Arbitrary Code Injection via Social Icons in Best Responsive Theme for Drupal Cross-site scripting (XSS) vulnerability in Professional theme's 3 slide gallery in Drupal 7.x-1.4 Arbitrary Code Injection via Social Icons in Responsive Blog Theme for Drupal Arbitrary Code Injection in Business Theme's 3 Slide Gallery Arbitrary Code Injection in Clean Theme's 3 Slide Gallery Arbitrary Code Injection in Premium Responsive Theme's 3 Slide Gallery Arbitrary Code Injection in Company Theme's 3 Slide Gallery Arbitrary Code Injection in Simple Corporate Theme's 3 Slide Gallery Denial of Service and Arbitrary Code Execution Vulnerability in Poppler Denial of Service Vulnerability in poppler's Splash.cc Uninitialized Memory Read Vulnerability in poppler/Stream.cc Race condition vulnerability in install_user_keyrings function in Linux kernel before 3.8.3 Insecure Password Creation in OpenStack-Utils OpenStack-DB Buffer Overflow in OpenAFS Client Utilities Allows Remote Code Execution Heap-based Buffer Overflow in OpenAFS ptserver Buffer Overflow and Memory Corruption Vulnerability in Linux Kernel's kvm_set_msr_common Function Use-after-free vulnerability in Linux kernel allows denial of service or memory corruption via crafted application Improper Handling of 
Invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW Operations in Linux Kernel Incomplete SSL Certificate Validation in Gnome Online Accounts (GOA) Remote Code Execution and Denial of Service Vulnerability in crack gem for Ruby Object-injection vulnerability in the httparty gem 0.9.0 and earlier for Ruby Object-injection and code execution vulnerability in extlib gem 0.9.15 and earlier for Ruby Multiple SQL Injection Vulnerabilities in PHP-Fusion before 7.02.06 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP-Fusion before 7.02.06 Multiple Directory Traversal Vulnerabilities in PHP-Fusion before 7.02.06 Predictable Filename Vulnerability in PHP-Fusion Backup Files Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8 Insecure Temporary Directories Vulnerability in Gambas Cross-Site Scripting (XSS) Vulnerabilities in MantisBT 1.2.12 Access Control Vulnerability in MantisBT Allows Unauthorized Issue Status Modification Denial of Service Vulnerability in ruby-openid gem before 2.2.2 Insecure Permissions in BusyBox's mdev.c Vulnerability Sensitive Information Disclosure in Apache Rave User RPC API Insecure Directory Vulnerability in PackStack 2012.2.3 Denial of Service Vulnerability in MediaWiki Information Disclosure Vulnerability in MediaWiki API Script Arbitrary File Read Vulnerability in MediaWiki before 1.20.3 XFS Filesystem Vulnerability: Denial of Service and System Crash Insecure Permissions in tuned's ktune Service Allow Local Users to Kill Running Processes XML Entity Expansion (XEE) Attack in REXML Parser in Ruby Multiple Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 4.5.x before 4.5.8 Cross-Site Scripting (XSS) Vulnerability in Red Hat Subscription Asset Manager Notifications Form XML External Entity (XXE) vulnerability in PHP SOAP parser Privilege Escalation and Denial of Service Vulnerability in Linux Kernel NULL pointer dereference vulnerability in net/dccp/ccid.h in the Linux 
kernel before 3.5.4 Privilege Escalation via SCTP_GET_ASSOC_STATS getsockopt System Call in Linux Kernel Information Disclosure in Moodle Calendar Subscriptions Moodle User Profile Information Disclosure Vulnerability Information Disclosure Vulnerability in Moodle Sensitive Information Disclosure in Moodle WebDAV Configuration Form Cross-Site Scripting (XSS) Vulnerabilities in Moodle File Picker Module Remote authenticated user note reassignment vulnerability in Moodle Information Disclosure Vulnerability in Moodle's External Repositories Privilege Escalation in Moodle WebDAV Repositories Denial of Service Vulnerability in OpenStack Compute (Nova) Denial of Service via Accept-Language Header in Squid 3.2.x and 3.3.x Information Disclosure Vulnerability in OpenStack Glance API Reverse-Lookup Bypass Vulnerability in Net-Server SQL Injection Vulnerability in TYPO3 Extbase Framework Open Redirect Vulnerability in TYPO3 Access Tracking Mechanism Piwik 1.11 XSS Vulnerability Denial of Service Vulnerability in mod_dav_svn Apache HTTPD Server Module Denial of Service Vulnerability in mod_dav_svn Apache HTTPD Server Module NULL pointer dereference vulnerability in mod_dav_svn in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause denial of service. Format-string vulnerability in fs/ext3/super.c in the Linux kernel before 3.8.4 NULL pointer dereference vulnerability in mod_dav_svn in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause denial of service. 
Arbitrary PHP Code Execution via Incomplete Blacklist Vulnerabilities in ownCloud Arbitrary File Import Vulnerability in ownCloud SQL Injection Vulnerability in LeagueManager Plugin for WordPress Unencrypted Database Vulnerability in Almanah Diary 0.9.0 and 0.10.0 Denial of Service Vulnerability in Ruby on Rails Active Record Component Cross-Site Scripting (XSS) Vulnerability in Ruby on Rails sanitize_css Method XML External Entity (XXE) Injection Vulnerability in ActiveSupport::XmlMini_JDOM Backend Cross-Site Scripting (XSS) Vulnerability in Ruby on Rails sanitize helper Privilege Escalation via CLONE_NEWUSER and CLONE_FS Flags in Linux Kernel Unrestricted Access to Configuration Options in Node Parameter Control Module for Drupal Heap-based Buffer Overflow in Linux Kernel USB CDC-WDM Driver Denial of Service Vulnerability in MariaDB and Oracle MySQL Arbitrary Command Execution via mod_rewrite Log File in Apache HTTP Server 2.2.x before 2.2.25 World-writable permissions on non-default CIFS shares in Samba 4.x before 4.0.4 Billion Laughs Attack: Denial of Service Vulnerability in PTLib OpenStack Keystone Folsom (2012.2) Revocation Check Bypass Vulnerability Arbitrary File Creation/Overwrite Vulnerability in OpenSC OpenSC.tokend Gemalto Tokend 2013 Arbitrary File Creation/Overwrite Vulnerability Buffer Overflow Vulnerabilities in VideoLAN VLC Media Player 2.0.4 and Earlier: Remote Code Execution and Denial of Service CRLF Injection Vulnerability in Spacewalk-Java and RHN Satellite 5.6 Arbitrary Web Script Injection Vulnerability in Spacewalk and RHN Satellite 5.6 Denial of Service and Arbitrary Code Execution Vulnerability in Intel Mesa Graphics Drivers Untrusted Search Path Vulnerability in Chicken before 4.8.2 Allows Arbitrary Code Execution Arbitrary Command Execution in command_wrap Gem for Ruby Arbitrary Web Script Injection in Apache ActiveMQ 5.8.0 and Earlier Cross-site scripting (XSS) vulnerability in Apache ActiveMQ Portfolio Publisher Servlet Arbitrary 
File Read Vulnerability in GNOME libsvg Denial of Service Vulnerability in Mantis Bug Tracker 1.2.12 Denial of Service Vulnerability in mod_dav_svn Apache HTTPD Server Module Cross-Site Scripting (XSS) Vulnerabilities in Red Hat Certificate System (RHCS) and Dogtag Certificate System Format String Vulnerability in Red Hat Certificate System (RHCS) and Dogtag Certificate System: Remote Code Execution and Denial of Service Cross-Site Scripting (XSS) Vulnerabilities in Drupal Views Module 7.x-3.x Arbitrary File Overwrite Vulnerability in pip before 1.3 Remote Code Execution Vulnerability in mod_ruid2 before 0.9.8 Cross-Site Scripting (XSS) Vulnerabilities in ownCloud Server before 5.0.1 Ineffective Anti-Traversal Code in OpenCart Filemanager.php Vulnerability Remote Code Execution in MongoDB NativeHelper Function SQL Injection Vulnerability in ownCloud Server before 5.0.1 Concurrent Memory Access Vulnerability in py-bcrypt Module Improper URI Handling in mod_dav.c Allows for Denial of Service Improper Access Restriction in 389 Directory Server's do_search Function Arbitrary Command Execution in Thumbshooter 0.1.5 Gem for Ruby PostgreSQL Argument Injection Vulnerability Insufficiently Random Number Generation in PostgreSQL with OpenSSL Vulnerability: Bypassing Backup Restrictions in PostgreSQL 9.2.x and 9.1.x Insecure Temporary File Generation in PostgreSQL Superuser Password Exposure in PostgreSQL Graphical Installers Absolute Path Traversal Vulnerability in Roundcube Webmail (CVE-2013-1956) Unspecified Cross-Site Scripting (XSS) Vulnerability in Zero Point Theme for Drupal Arbitrary Script Injection Vulnerability in Drupal Rules Module Arbitrary Content Posting Vulnerability in Commons Group Module for Drupal Arbitrary Content Posting Vulnerability in Commons Wikis Module for Drupal Insecure SSL Server Verification in Apache Qpid Python Client Remote Repository Metadata Denial of Service Vulnerability Arbitrary Command Execution in ldoce 0.0.2 Gem for Ruby Buffer 
Overflow Vulnerability in HAProxy 1.4 and 1.5-dev Integer Overflow in XWD Plug-in in GIMP 2.6.9 and earlier allows remote code execution Stack-based Buffer Overflow in getaddrinfo Function in GNU C Library (glibc) 2.17 and Earlier XML External Entity (XXE) Vulnerability in ModSecurity before 2.7.3 Unvalidated File Upload Vulnerability in WordPress Plugin User Photo 0.9.4 Denial of Service Vulnerability in Xen Hypervisor on Intel CPUs Denial of Service Vulnerability in Xen's Page Table Manipulation Operations Improper Access Restriction to IRQs in Xen 4.2.x and 4.1.x Use-after-free vulnerability in Xen with XSM enabled allows privilege escalation Local Privilege Escalation: Obtaining Admin Encryption Key via PicketBox Vulnerability Arbitrary File Read Vulnerability in QEMU-NBD Remote Code Execution via DNS Spoofing in rpc-gssd Access Bypass Vulnerability in Commerce Skrill (Formerly Moneybookers) Node Title Disclosure Vulnerability in Chaos Tool Suite (ctools) Module for Drupal Cross-Domain Applet Codebase Vulnerability GIFAR Vulnerability in IcedTea-Web Plugin Unspecified Architecture Local Information Disclosure Vulnerability in Linux Kernel Heap-based Buffer Overflow in tg3_read_vpd Function in Linux Kernel Authenticated User Bypasses Workflow Restriction and Closes Issues in MantisBT 1.2.12 to 1.2.15 Arbitrary Web Script Injection Vulnerability in MantisBT 1.2.14 Cross-Site Scripting (XSS) Vulnerability in MantisBT 1.2.13 Configuration Report Page Arbitrary Command Execution via Shell Metacharacters in PDF Filename Cross-Site Scripting (XSS) Vulnerability in MantisBT Configuration Report Page Denial of Service Vulnerability in Red Hat KVM Subsystem Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 3.5.x before 3.5.8 XSS Vulnerability in Zimbra 2013's aspell.php Arbitrary File Read Vulnerability in SabreDAV HTML\Browser Plugin Insecure Input Event Access in X.Org X Server Weak Password Generation in ownCloud Server Installation Routine Cross-Site Scripting 
(XSS) Vulnerabilities in jPlayer.swf Component Memory Slot Allocation Vulnerability in Linux Kernel's KVM Subsystem Cookie Theft via Path Domain Matching Suffix in cURL and libcurl Insecure LD_LIBRARY_PATH Setting in Ruby193 Denial of Service Vulnerability in RESTful Web Services Module for Drupal Arbitrary Command Execution Vulnerability in kelredd-pruview Gem 0.3.8 Arbitrary Command Execution Vulnerability in md2pdf Gem 0.0.1 Arbitrary File Upload Vulnerability in Social Media Widget Plugin for WordPress Denial of Service Vulnerability in libtirpc 0.2.3 and Earlier Cross-Site Scripting (XSS) Vulnerability in MediaWiki Allows Arbitrary Web Script Injection via Lua Function Names Denial of Service Vulnerability in Xen 4.x with Intel VT-d Integer Underflow Leading to Buffer Overflow in AutoTrace 0.31.1 ASF Demuxer Remote Code Execution Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Easy PHP Calendar 6.x and 7.x Bypassing Filesystem Restrictions via Crafted Clone System Call Bypassing Read-Only Filesystem Property via clone_mnt Function in Linux Kernel UNIX Domain Socket PID Value Control Vulnerability Privilege Escalation via Insecure Capability Requirements in Linux Kernel Heap-based Buffer Overflow in t2p_process_jpeg_strip Function in libtiff Allows Remote Code Execution Stack-based Buffer Overflow in tiff2pdf Allows Remote Denial of Service Denial of Service via File Descriptor Consumption in libvirt 1.0.5 Arbitrary Contact Download Vulnerability in ownCloud Grant Reference Release Vulnerability in Xen 4.0.x and 4.1.x Arbitrary Code Execution Vulnerability in Apache Struts Showcase App 2.0.0 through 2.3.13 Arbitrary Code Execution Vulnerability in Apache Struts 2 before 2.3.14.2 Arbitrary Script Injection Vulnerability in MediaElement.js Remote authenticated users can cause denial of service in Subversion versions before 1.6.23 and 1.7.x before 1.7.10 through newline character injection in file names. 
Use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions leading to denial of service and arbitrary code execution Arbitrary Script Injection in Drupal 6.x MP3 Player Module CSRF Vulnerability in elFinder File Manager Module for Drupal Improper Handling of Node Permissions in Autocomplete Widgets Module Local Privilege Escalation via Symlink Attack in Tomcat Init Scripts World-readable permissions in keystone.conf expose sensitive information in OpenStack devstack Heap-based Buffer Overflow in GIMP XWD Plug-in Allows Remote Code Execution Incorrect Credentials Passing in Linux Kernel Allows Privilege Escalation Buffer Overflow in get_dsmp function in libxmp Allows Remote Code Execution via Crafted MASI File Multiple Integer Overflows in X.org libX11 1.5.99.901 and Earlier Integer overflows leading to memory allocation and buffer overflow in X.org libXext 1.3.1 and earlier Buffer Overflow Vulnerability in X.org libXfixes 5.0 and Earlier Multiple Integer Overflows in X.org libXi 1.7.1 and Earlier: Memory Allocation and Buffer Overflow Vulnerabilities Buffer Overflow Vulnerability in X.org libXinerama 1.1.2 and Earlier Integer overflows in X.org libXrandr leading to memory allocation and buffer overflow vulnerabilities Integer overflows leading to memory allocation and buffer overflow in X.org libXrender 0.9.7 and earlier Integer overflows in X.org libXRes 1.0.6 and earlier leading to memory allocation and buffer overflow vulnerabilities Integer overflows leading to memory allocation and buffer overflow in X.org libXv Integer overflows in X.org libXvMC leading to memory allocation and buffer overflow vulnerabilities Integer overflows in libXxf86dga: Memory allocation and buffer overflow vulnerabilities Integer overflows leading to memory allocation and buffer overflow in X.org libdmx 1.1.2 and earlier Integer overflows in X.org libGLX leading to memory allocation and buffer overflow vulnerabilities Buffer overflow vulnerability in openChrome 0.3.2 
and earlier versions Buffer Overflow Vulnerability in X.org libXi 1.7.1 and Earlier Buffer Overflow Vulnerability in X.org libFS 1.0.4 and Earlier Multiple Buffer Overflows in X.org libX11 1.5.99.901 (1.6 RC1) and Earlier Buffer Overflow Vulnerabilities in X.org libXi 1.7.1 and Earlier Buffer Overflow in X.org libXvMC 1.0.7 and Earlier: Denial of Service and Arbitrary Code Execution Vulnerability Buffer Overflow Vulnerabilities in X.org libXxf86dga 1.1.3 and Earlier OpenZFS Silent Failure to Enforce IPv6 Restrictions in NFS Share Export Remote Code Execution Vulnerability in Elemin Themify Framework Zero-Day Vulnerability: Z-Wave Devices Vulnerable to Traffic Spoofing Denial of Service Vulnerability in StarWind iSCSI Target Buffer Overflow Vulnerability in X.org libXxf86vm 1.1.2 and Earlier: Denial of Service and Arbitrary Code Execution Buffer Overflow Vulnerability in X.org libXt 1.1.3 and Earlier: Denial of Service and Arbitrary Code Execution Buffer Overflow Vulnerability in X.org libXcursor 1.1.13 and Earlier Denial of Service Vulnerability in X.org libX11 1.5.99.901 (1.6 RC1) and Earlier Uninitialized Pointer and Memory Corruption Vulnerability in X.org libXt OpenStack Keystone Grizzly 2013.1.1 - Plaintext Logging of Admin Token and LDAP Password Weak File Permissions in Qemu Guest Agent Allows Unauthorized Access Critical XSS Vulnerability Found in WordPress Super Cache Plugin 1.3 Critical Remote PHP Code Execution Vulnerability in WordPress WP Super Cache Plugin 1.2 Critical Remote PHP Code Execution Vulnerability in WordPress W3 Total Cache Plugin 0.9.2.8 Arbitrary Code Injection Vulnerability in WordPress W3 Super Cache Plugin Privilege Escalation Vulnerability in autojump before 21.5.8 Sensitive Information Disclosure in python-keystoneclient User Password Update Command Denial of Service Vulnerability in OpenStack Identity (Keystone) Denial of Service Vulnerability in ext4_orphan_del Function Privileged Guest User Exploitation of Virtio Device Config 
Space Vulnerability Denial of Service Vulnerability in Linux Kernel's veth Driver Multiple SQL Injection Vulnerabilities in BOINC Remote Code Execution Vulnerability in BOINC 6.10.58 and 6.12.34 via Multiple File Signature Elements Integer Underflow Vulnerability in ClamAV's cli_scanpe Function Out-of-Bounds Read Vulnerability in ClamAV PDF Parsing Multiple Cross-Site Scripting (XSS) Vulnerabilities in jPlayer SWF Component Arbitrary Script Injection Vulnerability in jPlayer.swf OS Command Injection Vulnerability in qs Procedure of utils Module in Chicken before 4.9.0 Arbitrary Web Script Injection Vulnerability in Ushahidi Platform 2.5.x through 2.6.1 Privilege Escalation via Class Cache Files in Jython 2.2.1 Stack-based Buffer Overflow in ngx_http_parse_chunked function in nginx 1.3.9 through 1.4.0 Arbitrary File Overwrite Vulnerability in Nagios Core 3.4.4, 3.5.1, and Earlier Insecure Temporary Directory Vulnerability in OpenStack Nova Folsom, Grizzly, and Havana Cross-Site Scripting (XSS) Vulnerability in MediaWiki before 1.19.6 and 1.20.x before 1.20.5 Vulnerability: Bypassing Password Change Restrictions in MediaWiki Arbitrary Web Script Injection Vulnerability in Jenkins Cross-Site Request Forgery (CSRF) Vulnerabilities in Jenkins Allow Remote Code Execution and Unauthorized Binary Deployment Arbitrary Code Execution via Race Condition in HawtJNI Library Arbitrary Web Script Injection Vulnerability in Filebrowser Module for Drupal SSL Certificate Spoofing Vulnerability in httplib2 NMEA0183 Driver Denial of Service and Code Execution Vulnerability Arbitrary File Access Vulnerability in ownCloud Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 5.0.6 Cross-Site Scripting (XSS) Vulnerabilities in ownCloud 5.0.x before 5.0.6 Cross-Site Scripting (XSS) Vulnerabilities in ownCloud Versions 4.0.15, 4.5.x, and 5.0.x Arbitrary Calendar Download Vulnerability in ownCloud Open Redirect Vulnerability in ownCloud Login Page (index.php) Allows for Phishing 
Attacks Arbitrary SQL Command Execution Vulnerability in ownCloud Server 5.0.x before 5.0.6 Arbitrary SQL Command Execution Vulnerability in ownCloud Server Insecure Autocomplete Setting on ownCloud Login Page Arbitrary API Command Execution Vulnerability in ownCloud Session Tampering Vulnerability in Red Hat CloudForms 2 Management Engine (CFME) Arbitrary SQL Command Execution in Red Hat CloudForms and ManageIQ Replay Attack Vulnerability in Tomcat 6 DIGEST Authentication Buffer Overflow in libreswan's atodn Function with Opportunistic Encryption and RSA Key Usage Buffer Overflow in atodn Function in Openswan: Remote Code Execution and DoS Buffer Overflow in atodn Function in strongSwan: Remote Code Execution and DoS Apache Wicket Information Disclosure Vulnerability Authentication Bypass Vulnerability in Red Hat Network Satellite YaBB through 2.5.2: Local File Include Vulnerability via 'guestlanguage' Cookie Parameter Denial of Service Vulnerability in Linux Kernel's USB/Ethernet Adapter Support Token Retention Vulnerability in OpenStack Identity (Keystone) Arbitrary Command Execution in OpenShift Origin's download_from_url Function Timing and Padding Oracle Vulnerability in OpenVPN 2.3.0 and Earlier Integer overflows in X.org libXp leading to memory allocation and buffer overflow vulnerabilities Buffer Overflow Vulnerability in X.org libXtst 1.2.1 and Earlier Buffer Overflow Vulnerability in X.org libxcb 1.9 and Earlier Taint Checking Bypass Vulnerability in Ruby 1.9 and 2.0 Buffer Overflow in X.org libXv Allows for Denial of Service and Arbitrary Code Execution Session Fixation Vulnerability in Apache Tomcat's Form Authentication Arbitrary File Creation and Overwrite Vulnerabilities in Red Hat CloudForms Management Engine 2.0 Empty Root Password Vulnerability in Red Hat livecd-tools Denial of Service and Information Disclosure Vulnerability in nginx's ngx_http_proxy_module Information Leakage in Apache Tomcat 7.x before 7.0.40 Buffer Overflow in Python Bindings 
for xc_vcpu_setaffinity in Xen 4.0.x, 4.1.x, and 4.2.x Transifex Command-Line Client Vulnerability: X.509 Certificate Spoofing Information Disclosure Vulnerability in KIO Library Allows Credential Discovery Buffer Overflow Vulnerabilities in Chicken 4.8.0.3 Vulnerability: Inconsistent Floating Point State Saving in Xen on AMD64 Processors Unrestricted XRSTOR Contents Vulnerability in Xen 4.0.x, 4.1.x, and 4.2.x Denial of Service Vulnerability in Xen Hypervisor (CVE-2013-2072) Insufficient Capability Checks in Moodle Assignment Module Allows Unauthorized Access to User Assignments Information Disclosure Vulnerability in Moodle Gradebook Overview Report Moodle Hub Registration Vulnerability Unrestricted Access to Blog Comments in Moodle Bypassing Form-Data Filtering in MoodleQuickForm Class Arbitrary File Access Vulnerability in ownCloud Server before 5.0.6 Sensitive Information Disclosure in ownCloud 5.0.x Configuration Loader Cross-Site Scripting (XSS) Vulnerabilities in Gallery 3 before 3.0.7 Arbitrary Command Execution Vulnerability in Subversion's svn-keyword-check.pl Arbitrary PHP Code Execution via Incomplete Blacklist Vulnerability in ownCloud Arbitrary Command Execution via Shell Metacharacters in Creme Fraiche Gem Arbitrary SQL Command Execution in Dolibarr ERP/CRM 3.3.1 via 'pays' Parameter in fiche.php Arbitrary Web Script Injection in Dolibarr ERP/CRM 3.3.1 Arbitrary Command Execution in Dolibarr ERP/CRM 3.3.1 Integer Data Type Vulnerability in perf_swevent_init Function Command Injection Vulnerability in Rubygem Openshift Origin Controller Denial of Service Vulnerability in OpenStack Compute (Nova) Folsom, Grizzly, and Havana Remote Command Execution Vulnerability in ZPanel through 10.1.0 Denial of Service Vulnerability in Python's ssl.match_hostname Function Insecure Certificate Verification in Gentoo Portage 2.1.12 Katello Vulnerability: Multiple Cross-Site Scripting (XSS) Issues in Various Entities Unauthenticated Access to JGroups Diagnostics 
Service in Red Hat JBoss Portal Remote URL Retrieval Vulnerability in OpenShift Cartridge Token Expiry Bypass and Revocation Exploit in python-keystoneclient Arbitrary Web Script Injection via Symlink Attack in Show In Browser Gem Authentication Credential Disclosure in WebAuth before 4.6.1 CSRF vulnerability in Mail On Update plugin allows hijacking of administrator authentication CSRF Vulnerability in WordPress WP Cleanfix Plugin 2.4.4 Critical Remote Code Execution Vulnerability Found in WordPress Plugin wp-cleanfix Heap-based buffer overflow in php_quot_print_encode function in PHP before 5.3.26 and 5.4.x before 5.4.16 Denial of Service Vulnerability in Dovecot IMAP Server Denial of Service Vulnerability in Subversion's svnserve Server Privilege Escalation in Foreman User Controller Arbitrary Code Execution via Unrestricted File Upload in MediaWiki Arbitrary Code Execution Vulnerability in Apache Struts 2 before 2.3.14.2 Denial of Service Vulnerability in GnuTLS 2.12.23 Arbitrary File Read Vulnerability in cgit before 0.9.2 Privilege Escalation and Editorial Control Vulnerability in SPIP 3.0.x, 2.1.x, and 2.0.x Local Privilege Escalation and Denial of Service Vulnerability in Phusion Passenger Gem Insecure Password Generation in KDE Paste Applet Allows Brute-Force Authentication Bypass Eval Injection Vulnerability in Bookmarks Controller in Foreman Arbitrary Comment Editing Vulnerability in Edit Limit Module for Drupal User Reference Field Access Vulnerability Double Free Vulnerability in LibguestFS 1.20.x - 1.23.0 OpenSMTPD SSL Session Denial of Service Vulnerability Double Free Vulnerabilities in LibRaw::unpack Function Buffer Overflow Vulnerability in LibRaw's Exposure Correction Code Denial of Service Vulnerability in Linux Kernel TCP Socket Splice System Call Handling Arbitrary Script Injection Vulnerability in Drupal Webform Module Remote Denial of Service Vulnerability in ZNC 1.0 via Crafted Requests in modules/webadmin.cpp Format String Vulnerability in 
rrdtool module 1.4.7 for Python Denial of Service Vulnerability in mongo-python-driver (pymongo) Allows NULL Pointer Dereference and Crash EJB Invocation Handler Bypass Vulnerability in Red Hat JBossWS Arbitrary Code Execution in Apache Struts 2 before 2.3.14.3 Double Evaluation of OGNL Code in Apache Struts 2 before 2.3.14.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Apache CloudStack before 4.1.1 Arbitrary Script Injection in Apache OFBiz Webtools View Log Screen Replay Attack Vulnerability in Gallery 3 before 3.0.8 Buffer Overflow Vulnerability in libsrtp Allows Remote Denial of Service Denial of Service Vulnerability in Xen Blkback Implementation Uninitialized Data Structure Vulnerability in Linux Kernel's do_tkill Function Arbitrary File Overwrite Vulnerability in libimobiledevice 1.1.4 Privilege Escalation via Unauthorized Update Roles Action in Katello 1.5.0-14 and Earlier Improper Permission Check in Red Hat Enterprise Virtualization Manager (RHEVM) Allows Disk Space Consumption Bypassing Signature Check and Arbitrary Code Execution in Module::Signature Denial of Service Vulnerability in Linux Kernel's Performance Events Subsystem Uninitialized Data Structures Vulnerability in Linux Kernel Disk-Array Drivers Uninitialized Structure Member Vulnerability in Linux Kernel's fill_event_metadata Function Cross-Site Scripting (XSS) Vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 via Shared Files Arbitrary Web Script Injection in ownCloud Viewer.js Unquoted Windows Search Path Privilege Escalation Vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 Unquoted Windows Search Path Privilege Escalation Vulnerability in SPICE Service XML Signature Bypass Issue in Apache Santuario XML Security for C++ (xml-security-c) Stack-based buffer overflow in Apache Santuario XML Security for C++ before 1.7.1 XML Signature Spoofing Vulnerability in Apache Santuario XML Security for C++ Heap-based Buffer Overflow in Apache Santuario XML 
Security for C++ OpenStack Keystone LDAP Authentication Bypass Vulnerability CSRF Vulnerability in Services Module for Drupal Monkey HTTP Daemon: User Name Authentication Vulnerability Denial of Service Vulnerability in Apache CXF Streaming XML Parser XML Injection Vulnerability in OpenStack Swift Account Utils MySQL Server 5.5 post-installation script creates world-readable configuration file, leading to sensitive information exposure Denial of Service Vulnerability in Monkey HTTP Daemon (monkeyd) 1.2.2 and earlier Sensitive Information Disclosure via Malfunctioning CD-ROM Drive Arbitrary Code Execution via Deserialization in RichFaces Middleware Memcache Encryption Bypass in python-keystoneclient 0.2.3 to 0.2.5 Middleware Memcache Signing Bypass in python-keystoneclient 0.2.3 to 0.2.5 Denial of Service Vulnerability in D-Bus Privilege Escalation via Improper Write Access Check in FreeBSD 9.0 through 9.1-RELEASE-p4 Arbitrary Weak Canonicalization Algorithm Spoofing in Apache Santuario XML Security for Java Denial of Service Vulnerability in WordPress 3.5.1 Heap-based Buffer Overflow in curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 Denial of Service Vulnerability in HAProxy with Negative Occurrence Count Unquoted Windows Search Path Vulnerability in RHEV-APT Arbitrary Script Injection Vulnerability in Display Suite Module for Drupal Fail2ban Log Validation Vulnerability X.Org xdm Authentication Denial of Service Vulnerability Arbitrary Web Script Injection Vulnerability in Monkey HTTP Daemon Directory Listing Plugin Bypassing Access Restrictions in Mandril Security Plugin in Monkey HTTP Daemon Local Security Bypass Vulnerability in Monkey HTTP Daemon Arbitrary Code Execution in Movable Type before 5.2.6 via comment_state Parameter Arbitrary File Write Vulnerability in DiskFileItem Class Arbitrary File Write Vulnerability in Apache Commons FileUpload Apache Archiva XSS Vulnerability in Home Page Parameters Denial of Service 
Vulnerability in Red Hat Enterprise Linux 6 Memory Corruption Vulnerability in Apache OpenOffice.org (OOo) Vulnerability: Clutter Device Manager XI2 Disappeared Device Handling Allows Unauthorized Access X.509 Certificate Validation Vulnerability in python-bugzilla before 0.9.0 Kerberos Downgrade Vulnerability in Apache Hadoop Apache HBase Kerberos Authentication Bypass Vulnerability Integer overflows in Elf parser in Xen 4.2.x and earlier Unspecified Impact Vulnerability in Xen's Elf Parser (libelf) Unspecified vulnerabilities in Xen Elf Parser (libelf) Denial of Service Vulnerability in Login Security Module for Drupal Bypassing Login Security Restrictions via Crafted Username Server-Side Request Forgery (SSRF) Vulnerability in WordPress before 3.5.2 Role-based Access Control Bypass in WordPress 3.5.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in WordPress before 3.5.2 XML External Entity (XXE) Vulnerability in WordPress before 3.5.2 Sensitive Information Disclosure in WordPress 3.5.2 Arbitrary Parameter Injection in Moxiecode Moxieplayer Unrestrictive security.allowDomain setting in SWFUpload allows for XSS attacks in WordPress before 3.5.2 Denial of Service Vulnerability in Linux Kernel SCTP Implementation Privilege Escalation via Insecure Permissions Checking in pt_chown of GNU C Library Remote Code Execution in TPP 1.3.1 via --exec Command in Template File Cross-site scripting (XSS) vulnerability in Review Board auto-complete widget in reviews.js Heap-based Buffer Overflow in Apache Santuario XML Security for C++ (xml-security-c) Allows Arbitrary Code Execution Weak Permissions in Xen libxl Toolstack Library for Xenstore Keys Denial of Service Vulnerability in Xen's vmx_set_uc_mode Function Predictable Random Number Generation in KDE Paste Applet Information Disclosure Vulnerability in Nagios 4.0 and 3.x Symlink Attack Vulnerability in Suds 0.4's cache.py Double Free Vulnerability in libvirt's virConnectListAllInterfaces Method Inadequate Access 
Restriction in Red Hat Directory Server and 389 Directory Server Allows Information Disclosure Buffer Overflow in radius_get_vendor_attr function in PHP Radius Extension Heap-based Buffer Overflow in ZRtp::storeMsgTemp Function in GNU ZRTPCPP Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 Uninitialized Heap Memory Disclosure and Denial of Service in GNU ZRTPCPP Denial of Service and Privilege Escalation Vulnerability in Red Hat Enterprise Linux 6 Kernel Arbitrary PHP Object Unserialization in GLPI 0.83.9 and Earlier Multiple SQL Injection Vulnerabilities in GLPI before 0.83.9 Local File Inclusion Vulnerability in GLPI 0.83.7 common.tabs.php Remote RSA Key Generation Vulnerability in SaltStack Denial of Service Vulnerability in libvirt's QEMU Driver Unquoted Windows Search Path Privilege Escalation Vulnerability in QEMU Guest Agent Service Denial of Service Vulnerability in Linux Kernel's ip6_sk_dst_check Function Insecure SSH Host Key Caching in Ansible Uninitialized Structure Members in key_notify_sa_flush and key_notify_policy_flush Functions in Linux Kernel Stack-based Buffer Overflow in OSPF API in Quagga Uninitialized Structure Member Vulnerability in Linux Kernel's key_notify_policy_flush Function Buffer Overflow Vulnerabilities in FreeSWITCH 1.2's switch_perform_substitution Function Uninitialized Length Variables Vulnerability in OpenVZ Modification for Linux Kernel 2.6.32 Unspecified Impact Vulnerability in Gallery 3 before 3.0.9 Access Restriction Bypass Vulnerability in Gallery 3 before 3.0.9 Bypassing Access Restrictions in Moodle Chat Server Sensitive Answer Information Disclosure in Moodle Matching Activity Cross-Site Scripting (XSS) Vulnerabilities in Moodle 2.4.x and 2.5.x Improper Implementation of RSS Tokens in Moodle Allows Information Disclosure Information Disclosure Vulnerability in Moodle's Feedback Module Unrestricted Access to Permissions Edit Form in Fast Permissions Administration Module for Drupal Open Redirect 
Vulnerabilities in Apache Struts 2.0.0 through 2.3.15 Apache HTTP Server mod_session_dbd.c Session Save Operations Vulnerability Remote Code Execution via Unified Expression Language (UEL) in Apache OFBiz Arbitrary OGNL Expression Execution in Apache Struts 2.0.0 - 2.3.15 Infinite Loop Denial of Service Vulnerability in Apache Sling Server-side SSL certificate validation failure in OpenStack Keystone and Compute OpenStack Compute (Nova) Vulnerability: Unauthorized Access to Flavor Properties and Arbitrary Flavor Booting Cryptocat Group Chat ECC Private Key Generation Brute Force Weakness Cryptocat 2.0.22 and Earlier: Nickname User Impersonation Vulnerability Arbitrary Code Execution Vulnerability in Cryptocat (before 2.0.22) on Firefox Cryptocat before 2.0.22: Weak Entropy in Cryptocat.random() Function Array Key Information Disclosure in Cryptocat Chrome Extension 'img/keygen.gif' Information Disclosure Vulnerability in Cryptocat Strophe.js (<= 2.0.22) Unspecified Remote Access Vulnerability in Citrix Access Gateway Standard Edition 5.0.x SIP Channel Driver Account Enumeration Vulnerability Memory Consumption Denial of Service Vulnerability in ISC BIND 9.7.x and 9.8.x Arbitrary Code Execution Vulnerability in FUDforum Bulletin Board Software 3.0.4 Unspecified MathML Vulnerability in WebKit: Remote Attack Vector Bypassing Access Restrictions and Unauthorized Sponsor Approval in Aruba Networks ClearPass and Amigopod/ClearPass Guest Arbitrary Code Injection via Cross-Site Scripting (XSS) in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 Administration Page D-Link DSL-2740B Gateway Firmware EU_1.0 Authentication Bypass Vulnerability Wallet Address and IP Address Association Disclosure Vulnerability Information Disclosure Vulnerability in Bitcoin Core Arbitrary Code Execution Vulnerability in Puppet 2.6.x and Puppet Enterprise 1.2.x Remote authenticated nodes can submit reports for other nodes in Puppet Out-of-bounds array access and application crash vulnerability in 
FFmpeg's avcodec_decode_audio4 function Out-of-bounds Array Access and Application Crash in FFmpeg's h264_ps.c Unspecified Denial of Service and Arbitrary Code Execution Vulnerability in War FTP Daemon XML Signature Verification Bypass in CA SiteMinder Federation and Agent for SharePoint Cross-Site Scripting (XSS) Vulnerabilities in Uploader Plugin 1.0.4 for WordPress Arbitrary Web Script Injection in Batavi 1.2.2 Admin Panel ArubaOS Administration WebUI Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in bitcoind and Bitcoin-Qt 0.8.0 and Earlier Denial of Service Vulnerability in CTransaction::FetchInputs Method Multiple Cross-Site Scripting (XSS) Vulnerabilities in ViewGit before 0.0.7 Authorization Bypass in Walrus Bucket Operations Blank Root Password Vulnerability in Eucalyptus EuStore Stack-based buffer overflows in BOINC XML Parser: Unspecified Impact via Crafted XML File Unspecified Cross-Site Scripting (XSS) Vulnerability in Advantech WebAccess Weak Permissions in FlickWnn Android App Allow Unauthorized Access to Sensitive Information Weak Permissions in OMRON OpenWnn Application for Android Allow Unauthorized Access to Sensitive Information Information Disclosure Vulnerability in TransWARE Active! mail 6 SSL Lock Icon and Address-Bar Color Spoofing Vulnerability in Sleipnir 4.0.0.4000 and Earlier on Windows Arbitrary Extension API Loading and Information Disclosure in Sleipnir Mobile Application for Android CSRF Vulnerability in Cybozu Office, Dezie, and Mailwise Allows Password Hijacking Address Bar Spoofing Vulnerability in Jigbrowser+ Application for Android Address Bar Spoofing Vulnerability in Yahoo! 
Browser Application for Android Password Discovery Vulnerability in SoftBank Online Service Gate Arbitrary Web Script Injection in OpenPNE Management Screen via Mobile Version Color Scheme Vulnerability in SoftBank Wi-Fi Spot Configuration Software Allows Remote Information Disclosure Arbitrary Script Injection in Web2py Social Bookmarking Widget Arbitrary Script Injection in LOCKON EC-CUBE Shopping Cart Screen Session Fixation Vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 Arbitrary Code Injection via Crafted URL in LOCKON EC-CUBE Improper Input Validation in Password Reminder Function in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 Address Bar Spoofing Vulnerability in Yahoo! Browser Application for Android Address Bar Spoofing Vulnerability in Sleipnir Mobile Application for Android Twitter Account Hijacking Vulnerability in MovatwiTouch Application Unverified X.509 Certificate Vulnerability in FileMaker Pro and Pro Advanced before 12 Arbitrary Web Script Injection Vulnerability in HP Service Manager Web Tier 9.31 HP SQL/MX 3.2 and Earlier on NonStop Servers SQL/MP Objects Information Disclosure Vulnerability SQL/MP Tables Access Bypass Vulnerability Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in 
HP Storage Data Protector Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector Sensitive Information Disclosure in HP Service Manager and ServiceCenter Arbitrary Web Script Injection Vulnerability in HP Service Manager and ServiceCenter Remote Code Execution Vulnerability in HP Integrated Lights-Out (iLO) Cards Local Privilege Escalation Vulnerability in HP Smart Zero Core 4.3 and 4.3.1 on Thin Clients Unspecified Remote Code Execution and Information Disclosure Vulnerability on HP ProCurve, HP 3COM, and HP H3C Routers and Switches Unspecified Remote Code Execution and Information Disclosure Vulnerability on HP ProCurve, HP 3COM, and HP H3C Routers and Switches Default Password Vulnerability in HP StoreOnce D2D Backup System Unspecified Remote Code Execution Vulnerability in HP LeftHand Virtual SAN Appliance Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1866) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1869) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1870) Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1885) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1892) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1896) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1897) Unspecified Remote Code Execution Vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x HP StoreVirtual Storage Devices Vulnerability: Unauthorized Administrative Access via Unused One-Time Password Unspecified Denial of Service Vulnerability in HP StoreOnce D2D Backup System Unspecified Remote Access Restriction Bypass Vulnerability in HP System Management Homepage (SMH) Unspecified Information Disclosure Vulnerability in HP System Management Homepage (SMH) 
Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) before 7.2.1 Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) before 7.2.1 Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) before 7.2.1 Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) before 7.2.1 Arbitrary Web Script Injection Vulnerability in HP System Management Homepage (SMH) Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) before 7.2.1 (ZDI-CAN-1676) Unspecified Information Disclosure Vulnerability in HP System Management Homepage (SMH) before 7.2.1 Arbitrary Web Script Injection in HP System Management Homepage (SMH) Unspecified Remote Information Disclosure Vulnerability in HP DMA 10.x Unspecified Remote Code Execution and Information Disclosure Vulnerability in HP Business Process Monitor 9.13.1 and 9.22 Patch 1 (ZDI-CAN-1802) Unspecified Remote Code Execution Vulnerabilities in HP SiteScope 11.20 and 11.21 (ZDI-CAN-1678) Unspecified Denial of Service Vulnerability in HP LoadRunner (ZDI-CAN-1669) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1670) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1671) Unspecified HTTP Request Information Disclosure Vulnerability in TIBCO Spotfire Statistics Services Arbitrary Web Script Injection Vulnerability in TIBCO Spotfire Web Player Access Control Vulnerability in TIBCO Spotfire Web Player Versions 3.3.x - 5.0.x Unspecified Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified Remote Vulnerability in Oracle MySQL Unspecified Stored Procedure Vulnerability in Oracle MySQL 5.5.30 and Earlier Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified Information Schema Vulnerability in Oracle MySQL Unspecified Integrity Vulnerability in Oracle FLEXCUBE Direct Banking Component 
Unspecified Remote Code Execution Vulnerability in Oracle JRockit Component Unspecified Integrity Vulnerability in Oracle MySQL 5.6.10 and Earlier Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1: Confidentiality Impact via BASE Vectors Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality, integrity, and availability Unspecified Confidentiality Vulnerability in Oracle FLEXCUBE Direct Banking Component Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 Unspecified vulnerability in Oracle FLEXCUBE Direct Banking component allows remote authenticated users to affect confidentiality and integrity Unspecified Remote Code Execution Vulnerability in Oracle E-Business Suite Unspecified Remote Availability Vulnerability in Oracle MySQL Unspecified Remote Integrity Vulnerability in Oracle WebLogic Server Unspecified Local Vulnerability in Oracle MySQL Server Install Unspecified Remote Availability Vulnerability in Oracle MySQL Server Optimizer Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Availability Vulnerability in Oracle MySQL 5.6.10 and Earlier Unspecified Remote Integrity Vulnerability in Oracle Applications Manager Unspecified vulnerability in Oracle Retail Central Office component allows remote authenticated users to compromise confidentiality and integrity Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified 
vulnerability in Siebel Call Center component allows remote authenticated users to compromise confidentiality via Email - COMM Server Components. Unspecified Remote Integrity Vulnerability in Oracle Java SE 7 Update 21 and Earlier Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Unspecified Confidentiality Vulnerability in Siebel Enterprise Application Integration Component Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality and availability Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote attackers to compromise confidentiality Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Unspecified Remote Integrity Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality Unspecified Web Services Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to compromise confidentiality Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7 Update 17 and earlier Unspecified Networking Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to affect confidentiality, integrity, and availability 
Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect availability via unknown vectors related to 2D Unspecified 2D Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to bypass Java sandbox restrictions Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect integrity via unknown vectors related to HotSpot Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality via JMX vectors Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality, integrity, and availability Unspecified Remote Code Execution Vulnerability in Java Runtime Environment 
(JRE) Unspecified 2D-related vulnerability in Oracle Java SE and JavaFX Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7 Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality Unspecified Remote Integrity Vulnerability in Oracle Java SE 7 Update 17 and Earlier Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to affect confidentiality, integrity, and availability Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified Integrity Vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect availability via AWT vectors Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect availability via unknown vectors related to Hotspot Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to compromise confidentiality via CORBA-related vectors Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality via Networking vectors Unspecified Sound-related Vulnerability in Java Runtime Environment (JRE) Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect availability via 
unknown vectors related to Serialization Unspecified vulnerability in Java Runtime Environment (JRE) component allowing local users to affect confidentiality, integrity, and availability via Networking vectors Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect integrity via JMX vectors Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to affect confidentiality Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality via unknown vectors related to Serialization Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to affect integrity via JMX vectors Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox via integer overflow checks Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to bypass Java sandbox via insufficient access checks in tracing component Unspecified vulnerability in Java Runtime Environment (JRE) and Oracle JRockit components allows remote attackers to bypass XML signature verification Unspecified vulnerability in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox via Incorrect image attribute verification in 2D. 
Unspecified vulnerability in Java Runtime Environment (JRE) component in Oracle Java SE - Remote Code Execution Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox via Incorrect image channel verification in 2D. Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component allows local users to compromise system security via unknown vectors in Java installer Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox via Incorrect image layout verification in 2D. Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox via ImagingLib byte lookup processing vectors Unspecified vulnerability in Java Runtime Environment (JRE) component allows remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to bypass Java sandbox Unspecified vulnerability in Java Runtime Environment (JRE) component allowing remote attackers to bypass Java sandbox via Incorrect ByteBandedRaster size checks in 2D AWS XMS 2.5 Directory Traversal Vulnerability Denial of Service Vulnerability in Wireshark TCP Dissector Denial of Service Vulnerability in HART/IP Dissector in Wireshark 1.8.x CSN.1 Dissector Function Pointer Vulnerability Denial of Service Vulnerability in Wireshark MS-MMS Dissector Denial of Service Vulnerability in Wireshark MPLS Echo Dissector Denial of Service Vulnerability in Wireshark RTPS and RTPS2 Dissectors Integer Signedness Error in Mount Dissector in Wireshark 1.6.x and 1.8.x Allows Remote Denial of Service Denial of Service Vulnerability in Wireshark AMQP Dissector 
ACN dissector in Wireshark 1.6.x and 1.8.x allows remote attackers to cause a denial of service Denial of Service Vulnerability in Wireshark CIMD Dissector Denial of Service Vulnerability in Wireshark FCSP Dissector Integer Overflow Vulnerability in Wireshark RELOAD Dissector Incorrect Integer Data Types Vulnerability in RELOAD Dissector in Wireshark 1.8.x before 1.8.6 DTLS Dissector Denial of Service Vulnerability Firebird Remote Code Execution Vulnerability Denial of Service Vulnerability in Google Chrome Frame Plugin Memory Consumption Denial of Service Vulnerability in ISC DHCP 4.2.x before 4.2.5-P1 Integer Overflow and Out-of-Bounds Array Access Vulnerability in libavformat in FFmpeg Out-of-bounds array access vulnerability in FFmpeg's msrle_decode_8_16_24_32 function SQL Injection Vulnerability in SimpleHRM Login Page Authentication Bypass Vulnerability in SimpleHRM 2.3 and Earlier Terillion Reviews Plugin XSS Vulnerability Proxy Spoofing Vulnerability in Privoxy Arbitrary Web Script Injection Vulnerability in Matrix42 Service Store 5.3 SP3 Arbitrary Role Assignment Vulnerability in Spree 1.1.x - 1.3.x Cross-Site Scripting (XSS) Vulnerabilities in Brother MFC-9970CDW Printer Firmware G (1.03) Remote Code Execution in ftpd gem 0.2.1 for Ruby via Shell Metacharacters in FTP Protocol Traffic Command Execution Vulnerability in flash_tool Gem Command Injection Vulnerability in FileUtils v0.7 Ruby Gem Improper String Copying in Linux Kernel Crypto User Configuration API Uninitialized Structure Members Vulnerability in Linux Kernel Crypto User Configuration API Incorrect Length Value in crypto_report_one Function Allows Local Users to Obtain Sensitive Information from Kernel Memory Remote Code Execution Vulnerability in Adobe Reader 11.0.02 Sandbox Bypass Vulnerability in Adobe Reader 11.0.02 Internet Explorer Use-After-Free Remote Code Execution Vulnerability Bypassing Sandbox Protection in Microsoft Internet Explorer 10 on Windows 8 Unspecified Privilege 
Escalation Vulnerability in Microsoft Windows 7 Kernel Unspecified ASLR and DEP Bypass Vulnerability in Microsoft Windows 7 Arbitrary Code Execution via Integer Overflow in Adobe Flash Player and Adobe AIR ASLR Security Feature Bypass Vulnerability in Microsoft Windows Vista, Server 2008, and Windows 7 Sandbox Bypass Vulnerability in Microsoft Internet Explorer 9 Denial of Service Vulnerability in Microsoft Windows 8 via Crafted TrueType Font (TTF) File SQL Injection Vulnerability in Symphony CMS before 2.3.2 Allows Remote Code Execution Foscam Web Interface Directory Traversal Vulnerability Symlink Attack Vulnerability in OpenFabrics ibutils 1.5.7 Clear-text Storage of MySQL Database Password in Mambo CMS 4.6.5 World-readable permissions on configuration.php in Mambo CMS 4.6.5 allows local users to obtain admin password hash Denial of Service Vulnerability in Mambo CMS 4.6.5 via Crafted File Upload Root Path Disclosure Vulnerability in Mambo CMS v4.6.5 RC4 Algorithm Vulnerability: Statistical Analysis Enables Plaintext-Recovery Attacks in TLS and SSL Protocols Zavio IP Cameras Authentication Bypass Vulnerability Zavio IP Cameras Command Injection Vulnerability Zavio IP Cameras Security Bypass Vulnerability: Unauthorized Access to Live Video Stream Zavio IP Cameras Command Injection Vulnerability Arbitrary Command Execution in Iris 3.8 POS Systems via Crafted TCP Request Default Hard-Coded Credentials Vulnerability in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 Command Injection Vulnerability in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s Insufficient Access Restrictions in FOSCAM IP Camera FI8620: A Gateway for Unauthorized Information Retrieval Artweaver AWD File Buffer Overflow Vulnerability Buffer Overflow Vulnerability in XnView 2.04: Remote Code Execution via Crafted PCT File Arbitrary Command Execution Vulnerability in TP-Link IP Cameras Empty Password Vulnerability in TP-Link IP Cameras 
Unrestricted File Upload Vulnerability in TP-Link IP Cameras Firmware Revision Modification Vulnerability in TP-Link IP Cameras CRLF Injection Vulnerability in Open-Xchange AppSuite and Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange AppSuite and Server Arbitrary Web Script Injection in Atmail Webmail Server Cross-Site Scripting (XSS) Vulnerability in XAMPP 1.8.1 via xampp/lang.php SQL Injection Vulnerability in Hornbill Supportworks ITSM Unrestricted Mmap Interface Privilege Escalation Vulnerability in MSM Camera Driver Integer Overflow in fb_mmap Function in Linux Kernel Allows Privilege Escalation Stack-based Buffer Overflow in acdb_ioctl Function in Linux Kernel Signature-Verification Code Overwrite Vulnerability in Little Kernel (LK) Bootloader Debug Logging Vulnerability in NativeDaemonConnector Class Information Disclosure Vulnerability in MiniUPnPd's snprintf() Function Arbitrary Command Execution Vulnerability in Citrix XenClient XT Multiple array index errors in MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0: Remote Code Execution Vulnerability Type Conversion Vulnerability in RealNetworks GameHouse RealArcade Installer 2.6.0.481 Weak Permissions in RealNetworks GameHouse RealArcade Installer Remote Command Injection Vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 Arbitrary Command Execution in fastreader Gem 1.0.8 Arbitrary Command Execution via Shell Metacharacters in MiniMagick Gem 1.3.1 Arbitrary Command Execution via Shell Metacharacters in Curl Gem for Ruby Arbitrary Web Script Injection in Network Weathermap's editor.php Aspen Directory Traversal Vulnerability Open Redirection Vulnerability in Telaen redir.php Script Allows Remote Attackers to Redirect Users Arbitrary Web Script Injection in UebiMiau 2.7.11 and Earlier via selected_theme Parameter in error.php Arbitrary Web Script Injection in Telaen 1.3.1 via f_email Parameter Full Path Disclosure Vulnerability in Telaen before 1.3.1 
Access Bypass Vulnerability in OTRS Help Desk, OTRS ITSM, and FAQ SQL Injection Vulnerability in Leed (Light Feed) Action.php Cross-Site Request Forgery (CSRF) Vulnerabilities in Leed (Light Feed) Action.php Authorization Bypass Vulnerability in Leed (Light Feed) Unspecified Cross-Site Scripting (XSS) Vulnerability in CA Service Desk Manager 12.5 through 12.7 Full Path Disclosure Vulnerability in TinyWebGallery (TWG) 1.8.9 and Earlier Denial of Service Vulnerability in Google V8 (CVE-2013-2852) Piwik before 1.11 Vulnerability: Information Disclosure via POST Request Logging Uninitialized Structure Vulnerability in Linux Kernel Uninitialized Structure Member Vulnerability in rtnl_fill_ifinfo Function Uninitialized Structure Vulnerability in Linux Kernel Remote Code Execution Vulnerability in OTRS ITSM and FAQ Arbitrary Script Injection in CTERA Cloud Storage OS Unrestricted Access and Cross-Site Scripting (XSS) Vulnerability in MailUp Plugin for WordPress Arbitrary File Read Vulnerability in Sophos Web Appliance Arbitrary Command Execution in Sophos Web Appliance Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sophos Web Appliance before 3.7.8.2 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in TP-LINK WR1043N Router Firmware TL-WR1043ND_V1_120405 Unspecified Denial of Service Vulnerability in TP-LINK TL-WR1043ND V1_120405 Devices Arbitrary Web Script Injection in BoltWire 3.5 and Earlier CRLF Injection Vulnerability in WebCollab 3.30 and Earlier SilverStripe 3.0.3 MemberLoginForm Phishing Vulnerability Arbitrary Web Script Injection Vulnerability in Brother MFC-9970CDW Printer Cross-Site Scripting (XSS) Vulnerabilities in Brother MFC-9970CDW Printer Firmware L (1.10) Clear-text Password Submission Vulnerability in Brother MFC-9970CDW Firmware 0D Security Bypass Vulnerability in Brother MFC-9970CDW 1.10 Firmware L Devices Information Disclosure Vulnerability in Brother MFC-9970CDW 1.10 Firmware L Devices Brother MFC-9970CDW Firmware L Clickjacking 
Vulnerability Information Disclosure Vulnerability in Brother MFC-9970CDW 1.10 Firmware L Devices Local File Include Vulnerability in Cisco Linksys E4200 Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Linksys E4200 Router Firmware 1.0.05 Build 7 Clear-text Password Storage Vulnerability in Cisco Linksys E4200 1.0.05 Build 7 Devices Cisco Linksys E4200 1.0.05 Build 7 Security Bypass Vulnerability Clickjacking Vulnerability in Cisco Linksys E4200 1.0.05 Build 7 Devices: Remote Information Disclosure Information Disclosure Vulnerability in Cisco Linksys E4200 1.0.05 Build 7 Devices Arbitrary Web Script Injection Vulnerability in Cisco Linksys E4200 1.0.05 Build 7 Stack-based Buffer Overflow in Asterisk Open Source 11.x before 11.2.2 via H.264 SDP Header Denial of Service (DoS) vulnerability in Asterisk Open Source and Certified Asterisk Stack-based Buffer Overflow in bpe_decompress Function in BlackBerry QNX Neutrino RTOS and QNX Momentics Tool Suite Buffer Overflow in phrelay in BlackBerry QNX Neutrino RTOS: Remote Code Execution Vulnerability SQL Injection Vulnerability in SynConnect 2.0 Allows Remote Code Execution Remote Code Execution Vulnerability in jetAudio 8.0.17 via Crafted MPEG2-TS Video File CSRF Vulnerability in OpenVPN Access Server Allows Authentication Hijacking CSRF Vulnerability in WP-Print Plugin Allows Remote Authentication Hijacking Open Redirect Vulnerability in WP Symposium Plugin 13.04 for WordPress Arbitrary Script Injection in WP Symposium Plugin's invite.php CSRF Vulnerability in All in One Webmaster Plugin Allows Remote User Hijacking CSRF Vulnerability in WP-DownloadManager Plugin Allows User Hijacking and XSS Insertion CSRF Vulnerability in WordPress Calendar Plugin Allows Unauthorized Calendar Entry Addition CSRF Vulnerability in underConstruction Plugin for WordPress Allows Remote Deactivation CSRF Vulnerability in WP125 Plugin Allows Remote Authentication Hijacking CSRF Vulnerability in Social Sharing Toolkit Plugin 2.1.1 
for WordPress Easy AdSense Lite Plugin CSRF Vulnerability CSRF Vulnerability in Facebook Members Plugin for WordPress Allows Authentication Hijacking CSRF Vulnerability in Dropdown Menu Widget Plugin 1.9.1 for WordPress Allows Remote XSS Hijacking CSRF vulnerability in WordPress Simple Paypal Shopping Cart plugin allows remote attackers to hijack administrator authentication CSRF Vulnerability in Stream Video Player Plugin 1.4.0 for WordPress CSRF Vulnerability in Login With Ajax Plugin for WordPress Allows Unauthorized Settings Modification CSRF Vulnerability in Content Slide Plugin 1.4.2 for WordPress FourSquare Checkins Plugin CSRF Vulnerability CSRF Vulnerability in Contextual Related Posts Plugin for WordPress Arbitrary Script Injection in KrisonAV CMS 3.0.2 CSRF Vulnerability in KrisonAV CMS Allows Remote Account Hijacking Arbitrary Web Script Injection Vulnerability in WordPress podPress Plugin 8.8.10.13 Arbitrary Script Injection in Drupal Search API Module Lack of Randomized Secret in Puppet Enterprise CAS Client Config File Vulnerability Unspecified Vulnerabilities in EMC Smarts Network Configuration Manager (NCM) Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary 
Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat 9.x, 10.x, and 11.x Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Unspecified Vector Information Disclosure Vulnerability in Adobe Reader and Acrobat Critical SQL Injection Vulnerability in minidlna Allows Unauthorized File Retrieval Heap-Based Buffer Overflow in MiniDLNA Unauthenticated File Manipulation and Information Disclosure in BackupBuddy Plugin for WordPress Incomplete Self-Deletion Vulnerability in BackupBuddy Plugin for WordPress Authentication Bypass Vulnerability in BackupBuddy Plugin for WordPress Information Disclosure Vulnerability in BackupBuddy Plugin 2.2.25 for WordPress SQL Injection Vulnerability in MiniDLNA prior to 1.1.0 Bypassing Internet Explorer Usage Restrictions in Courion Access Risk Management Suite Version 8 Update 9 Arbitrary File Upload Vulnerability in Belkin Wemo Switch Arbitrary Web Script Injection Vulnerability in e107 Content Preset Handler Eval Injection Vulnerability in NETGEAR ReadyNAS FrontView Web Interface CSRF Vulnerability in NETGEAR ReadyNAS RAIDiator Allows User Authentication Hijacking CSRF Vulnerability in Umisoft UMI.CMS Allows Unauthorized Account Creation Authentication Bypass in Apache CloudStack and Citrix CloudPlatform Improper Access Restriction to VNC Ports in Citrix CloudPlatform 3.0.x Predictable Console Access 
URL in Apache CloudStack and Citrix CloudPlatform Buffer Overflow Vulnerability in Groovy Media Player 3.2.0 Denial of Service Vulnerability in Schneider Electric M340 PLC Modules via Crafted FTP Traffic Default Password Vulnerability in Schneider Electric Magelis XBT HMI Controller Unspecified Remote Denial of Service Vulnerability in Schneider Electric M340 PLC Modules URI Redirection Vulnerability in Secure Entry Server 4.7.0 and earlier Denial of Service Vulnerability in ModSecurity Module for Apache HTTP Server Unspecified Cross-Site Scripting (XSS) Vulnerability in Splunk Web Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allowing remote bypass of intranet access restrictions. Unverified SSL Certificate Vulnerability in Novell Kanaka Component Nitro PDF 8.5.0.26 DLL File Arbitrary Code Execution Vulnerability Vulnerability: Unauthorized Terminal Hijacking in sudo Local privilege escalation vulnerability in sudo CSRF vulnerability in PHP Address Book 8.2.5 allows unauthorized account deletion Denial of Service vulnerability in Cisco IOS XE 3.4 and 3.5-3.7 on ASR 1000 Series Routers Denial of Service Vulnerability in Siemens SIMATIC S7-1200 PLCs via Crafted SNMP Packets 3S CODESYS Gateway 2.3.9.27 Server Application Use-After-Free Vulnerability Shared AES Encryption Key in Schneider Electric Trio J-Series License Free Ethernet Radio Firmware 3.6.0-3.6.3 Denial of Service and Unspecified Control Vulnerability in DNP3 Driver of IOServer Drivers 1.0.19.0 Incorrect Bounds Checking Algorithm in Triangle Research International Nano-10 PLC Devices Allows Remote Denial of Service Multiple Buffer Overflows in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems Weak Permissions in Alstom Grid MiCOM S1 Agile and S1 Studio: Privilege Escalation Vulnerability Denial of Service Vulnerability in Alstom 
e-terracontrol 3.5, 3.6, and 3.7 DNP3 Slave Service Denial of Service Vulnerability in SUBNET Solutions SubSTATION Server Denial of Service Vulnerability in Kepware DNP Master Driver Denial of Service Vulnerability in IOServer's DNP3 Driver Denial of Service Vulnerability in MatrikonOPC SCADA DNP3 OPC Server 1.2.0 Denial of Service Vulnerability in SEL-2241, SEL-3505, and SEL-3530 RTAC Master Devices via Crafted DNP3 TCP Packet Denial of Service Vulnerability in Triangle MicroWorks SCADA Data Gateway and DNP3 Components Denial of Service Vulnerability in Triangle MicroWorks SCADA Data Gateway and DNP3 Components XML External Entity (XXE) Vulnerability in Schneider Electric SCADA Systems Denial of Service Vulnerability in SEL-2241, SEL-3505, and SEL-3530 RTAC Master Devices Denial of Service Vulnerability in OSIsoft PI Interface for IEEE C37.118 Denial of Service Vulnerability in OSIsoft PI Interface for IEEE C37.118 Arbitrary Code Execution and File Manipulation Vulnerability in Sixnet UDR and RTU Firmware Insecure PRNG and Seeding Strategy in ProSoft RadioLinx ControlScape before 6.00.040 Denial of Service Vulnerability in Software Toolbox TOP Server Rockwell Automation RSLinx Enterprise Software LogReceiver.exe Datagram Handling Logic Error Vulnerability Logic Error in Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) Leads to Service Crash Logic error in Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) leads to out-of-bounds read access violation Heap-based Buffer Overflow in Philips Xper Information Management Physiomonitoring 5 Components, Xper Information Management Vascular Monitoring 5 Components, and Xper Information Management Servers and Workstations for Flex Cardio Products Denial of Service Vulnerability in OSIsoft PI Interface for DNP3 Remote Command Execution Vulnerability in Emerson Process Management ROC800, DL8000, and ROC800L RTUs Denial of Service Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - 
CIMPLICITY and iFIX Denial of Service Vulnerability in Cooper Power Systems SMP 4, 4/DP, and 16 Gateways Cooper Power Systems Cybectec DNP3 Master OPC Server Denial of Service Vulnerability DNP3 Component Denial of Service Vulnerability in Cooper Power Systems SMP Gateways Arbitrary Code Execution via Crafted HTML Document in Mitsubishi Electric Automation MC-WorX Suite 8.02 Denial of Service Vulnerability in Alstom e-terracontrol 3.5-3.7 DNP Master Driver Cleartext Credential Vulnerability in Sierra Wireless AirLink Raven X EV-DO Gateway Remote Firmware Reprogramming Vulnerability in Sierra Wireless AirLink Raven X EV-DO Gateway Denial of Service Vulnerability in NovaTech Orion Substation Automation Platform Denial of Service Vulnerability in NovaTech Orion Substation Automation Platform Denial of Service Vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX Denial of Service Vulnerability in Schneider Electric SCADA Software Denial of Service Vulnerability in Elecsys Director Gateway Devices Authentication Bypass Vulnerability in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic Arbitrary DLL Code Execution via ProjectURL Property in WellinTech KingSCADA, KingAlarm&Event, and KingGraphic DNP Master Driver Denial of Service Vulnerability Denial of Service Vulnerability in MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and Earlier SumatraPDF Reader 2.x Use-After-Free Remote Code Execution Vulnerability Uninitialized Data Exposure in Buffer::Set Function in Google Chrome OS O3D Plug-in Use-After-Free Vulnerability in Google Chrome OS Origin Restriction Bypass in Google Chrome OS Plug-ins Origin Restriction Bypass in Google Chrome OS Plug-ins Unspecified Vulnerabilities in Google Chrome before 27.0.1453.93 SVG Use-after-free Vulnerability in Google Chrome Out-of-Bounds Read Vulnerability in Google V8 Unspecified Variable Cast Vulnerability in Google Chrome Google Chrome Media Loader Use-After-Free Vulnerability Google Chrome Use-After-Free 
Vulnerability in Pepper Resource Handling Google Chrome Use-After-Free Vulnerability in Widget Handling Google Chrome Use-After-Free Vulnerability in Speech Data Handling Cascading Style Sheets (CSS) Use-After-Free Vulnerability in Google Chrome Denial of Service and Memory Corruption Vulnerability in Google Chrome's Web Audio Implementation Google Chrome Media Loader Use-After-Free Vulnerability Race condition vulnerability in Google Chrome before 27.0.1453.93 XSS Auditor Vulnerability in Google Chrome Cross-Site Scripting (XSS) Vulnerabilities in Google Chrome: Drag-and-Drop and Copy-and-Paste Vector Injection Heap-based Buffer Overflow in iSCSI Target Subsystem in Linux Kernel Format String Vulnerability in Linux Kernel's register_disk Function Format String Vulnerability in Broadcom B43 Wireless Driver Header Truncation Vulnerability in Google Chrome Incorrect Handle Vulnerability in Google Chrome Denial of Service and Memory Corruption Vulnerability in Google Chrome Developer Tools API Critical Use-After-Free Vulnerability in Google Chrome Allows Remote Code Execution Google Chrome Use-After-Free Vulnerability in Image Handling HTML5 Audio Use-After-Free Vulnerability in Google Chrome Same Origin Policy Bypass and Namespace Pollution Vulnerability in Google Chrome Google Chrome Use-After-Free Vulnerability in Database API SVG Use-after-free Vulnerability in Google Chrome Skia GPU Acceleration Denial of Service Vulnerability Unspecified Remote Code Execution and Denial of Service Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome PDF Functionality Unspecified Vulnerabilities in Google Chrome before 27.0.1453.110 Clickjacking Vulnerability in Flash Plug-in Allows Remote Access to Camera and Microphone Google Chrome Pop-Under Window Vulnerability Unrestricted Sync Operations Vulnerability in Google Chrome Denial of Service Vulnerability in Google Chrome 28.0.1500.71 Remote Code Execution Vulnerability in Google Chrome Google Chrome 
Use-After-Free Vulnerability in Input Handling Insufficient Entropy in Google Chrome on Mac OS X Use-after-free vulnerability in Google Chrome before 28.0.1500.71: Denial of Service via 404 HTTP Status Code Bypassing Access Restrictions on Screen Data in Google Chrome with Nvidia GPU Out-of-bounds read vulnerability in SVGInlineTextBox.cpp in Blink Improper Enforcement of Screenshot Restrictions in Google Chrome Extension API Out-of-Bounds Read Vulnerability in libxml2 Out-of-Bounds Read Vulnerability in Google Chrome (CVE-2013-2881) Improper Trust Determination in Google Chrome Allows for Phishing Attacks Unspecified Vulnerabilities in Google Chrome before 28.0.1500.71 Same Origin Policy Bypass in Google Chrome before 28.0.1500.95 Type Confusion Vulnerability in Google V8 Engine Use-after-free vulnerability in Google Chrome: Remote Denial of Service and Possible Impact via MutationObserver Object Deletion DOM Use-After-Free Vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 28.0.1500.95: Denial of Service and Remote Code Execution Unspecified Vulnerabilities in Google Chrome before 28.0.1500.95 Unspecified Vulnerabilities in Google Chrome before 29.0.1547.57 Multiple Array Index Errors in HID Subsystem of Linux Kernel Heap-based Out-of-Bounds Write Vulnerability in Linux HID Subsystem Denial of Service Vulnerability in Linux Kernel HID Sony Driver Denial of Service Vulnerability in Linux Kernel HID Subsystem Heap-based Out-of-Bounds Write Vulnerability in Linux HID Subsystem Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel HID Subsystem Denial of Service Vulnerability in Linux Kernel HID Subsystem Denial of Service and Information Disclosure Vulnerability in Linux Kernel HID Logitech DJ Driver Denial of Service Vulnerability in Linux Kernel HID-NTrig Driver Multiple Array Index Errors in HID Multitouch Driver in Linux Kernel Information Disclosure Vulnerability in Linux Kernel HID Sensor Hub Driver Denial of Service 
Vulnerability in Linux Kernel HID Subsystem with CONFIG_HID_PICOLCD Enabled Directory Traversal Vulnerability in Google Chrome on Windows Multiple integer overflows in ANGLE renderer files allow for denial of service or other impact XSLT ProcessingInstruction Use-After-Free Vulnerability in Google Chrome HTMLMediaElement Use-After-Free Vulnerability in Blink Use-after-free vulnerability in Blink's Document::finishedParsing function allows for denial of service or potential unspecified impact Weak Permissions in SharedMemory::Create Function in Google Chrome Multiple Race Conditions in Web Audio Implementation in Google Chrome Out-of-Bounds Read Vulnerability in Google Chrome's Window.prototype Object Implementation Address Bar Spoofing Vulnerability in Google Chrome Blink Use-After-Free Vulnerability in Google Chrome Use-after-free vulnerability in Web Audio implementation in Google Chrome before 30.0.1599.66 Use-after-free vulnerability in XSLStyleSheet::compileStyleSheet function in Blink Use-after-free vulnerability in PepperInProcessRouter::SendToHost function in Google Chrome Use-after-free vulnerability in XMLDocumentParser::append function in Blink Use-after-free vulnerability in color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows Address Bar Spoofing Vulnerability in Google Chrome Address bar spoofing vulnerability in Google Chrome before version 30.0.1599.66 Out-of-bounds read vulnerability in ReverbConvolverStage function in Blink Use-after-free vulnerability in RenderBlock::collapseAnonymousBlockChild function in Blink Memory Corruption Vulnerability in Google V8 Engine Out-of-Bounds Read Denial of Service Vulnerability in Google Chrome Double Free Vulnerability in ResourceFetcher::didLoadResource Function in Blink Use-after-free vulnerability in Blink allows remote attackers to cause denial of service or other impact via crafted JavaScript code Unspecified Vulnerabilities in Google Chrome before 30.0.1599.66 ICU Use-After-Free 
Vulnerability in Google Chrome and Other Products Use-after-free vulnerability in Blink's XMLHttpRequest object in Google Chrome before version 30.0.1599.101 Use-after-free vulnerability in IndentOutdentCommand allows for denial of service or other impact via list elements in Blink HTMLFormElement::prepareForSubmission Use-After-Free Vulnerability in Blink Unspecified Vulnerabilities in Google Chrome Before 30.0.1599.101 Vulnerability: Improper Use of get_dumpable Function in Linux Kernel Improper Access Control in Linux Kernel Allows Unauthorized Function Tracing Unspecified Vulnerabilities in Google Chrome Before 31.0.1650.48 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unrestricted Access to Web Services in Citrix CloudPortal Services Manager (Cortex) 10.0 before Cumulative Update 3 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unspecified Debugging Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Unspecified Vulnerability in Citrix CloudPortal Services Manager 10.0 before Cumulative Update 3 Authentication Bypass Vulnerability in strongSwan 4.3.5 through 5.0.3 SQL Injection Vulnerability in b2evolution Blogs/Admin.php CRLF Injection Vulnerability in IBM WebSphere Portal Sensitive Information Disclosure in IBM WebSphere Portal 7.0.0.x and 8.0.0.x Weak Signature Algorithm in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Unlimited Authentication Attempts Vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Stored XSS vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite before 
9.1.0.3 Arbitrary SQL Command Execution Vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Arbitrary Web Script Injection in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Unencrypted Session Vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite Buffer Overflow Vulnerability in KDSMAIN Component of IBM Tivoli Monitoring Unspecified HTTP Redirection Vulnerability in IBM Tivoli Monitoring Buffer Overflow Vulnerability in IBM WebSphere Transformation Extender Launcher Buffer Overflow Vulnerability in dsmtca in IBM Tivoli Storage Manager (TSM) on UNIX and Linux Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server Administrative Console Denial of Service Vulnerability in IBM Sterling Control Center (SCC) Arbitrary Web Script Injection Vulnerability in IBM Sterling Control Center (SCC) Remote Code Execution Vulnerability in IBM QRadar SIEM 7.x before 7.1 MR2 Patch 1 Remote Access Bypass Vulnerability in IBM WebSphere Cast Iron 6.3 Bypassing Authorization and Privilege Escalation in BIRT Viewer of IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x Improper Caching in IBM WebSphere Application Server Administrative Console Arbitrary Code Execution via Malformed PNG Image in IBM Notes Absolute Path Traversal Vulnerability in IBM Cognos Business Intelligence Server Arbitrary File Read Vulnerability in IBM Optim Performance Manager CSRF Vulnerability in IBM Data Studio Web Console Allows Authentication Hijacking Arbitrary File Read Vulnerability in IBM Data Studio Web Console Arbitrary File Upload Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Cross-Site Scripting (XSS) Vulnerabilities in IBM Sterling File Gateway and Sterling B2B Integrator IBM Sterling B2B Integrator and Sterling File Gateway Directory Traversal Vulnerability Unspecified Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified 
Information Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Absolute Path Traversal Vulnerability in IBM Cognos Business Intelligence Server Privilege Escalation Vulnerability in IBM Sterling Connect:Direct Denial of Service Vulnerability in IBM WebSphere Commerce 7.0 FP4 through FP6 Unspecified Web Services Authentication Bypass in IBM WebSphere Commerce Session Hijacking Vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 Session Hijacking Vulnerability in IBM Security AppScan Enterprise before 8.7 Sensitive Information Disclosure in IBM Maximo Asset Management and SmartCloud Control Desk Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Data Replication Dashboard Arbitrary SQL Command Execution Vulnerability in IBM InfoSphere Data Replication Dashboard Arbitrary File Read Vulnerability in IBM InfoSphere Data Replication Dashboard Arbitrary Command Execution Vulnerability in IBM IMS Enterprise Suite SOAP Gateway Arbitrary File Read Vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) Arbitrary File Access and Overwrite Vulnerability in IBM AIX and VIOS TFTP Client Unspecified vulnerability in IBM Java 7 before 7 SR5 Unspecified vulnerability in IBM Java 6.0.1 and 7 before SR5 Unspecified vulnerability in IBM Java 7 before 7 SR5 Improper Access Control in com.ibm.CORBA.iiop.ClientDelegate class Unspecified vulnerability in IBM Java 6.0.1 and 7 before SR5 Unspecified vulnerability in IBM Java Runtime Environment (JRE) versions 1.4.2 to 7 SR5 Unspecified vulnerability in IBM Java Runtime Environment (JRE) versions 1.4.2 to 7 SR5 User Directory Access Vulnerability in IBM WebSphere Portal Weak SSL Ciphers Vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) Sensitive Configuration Information Disclosure in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 Unspecified Information 
Disclosure Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Sensitive Information Disclosure in IBM Tivoli Application Dependency Discovery Manager (TADDM) Privilege Escalation Vulnerability in IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX Arbitrary Web Script Injection in IBM Rational Focal Point 6.5.x and 6.6.x Buffer Overflow in Lotus Quickr for Domino ActiveX Control Integer Overflow in DWA9W ActiveX Control in IBM Domino 9.0 Allows Remote Code Execution (SPR PTHN97XHFW) Buffer Overflow Vulnerabilities in IBM WebSphere MQ Programs Cross-Site Request Forgery (CSRF) Vulnerability in IBM WebSphere Application Server Denial of Service Vulnerability in IBM Cognos Business Intelligence Servlet Gateway Denial of Service Vulnerability in IBM solidDB Universal Cache Component Cross-site scripting (XSS) vulnerability in iNotes MIME e-mail functionality in IBM Domino 9.0 before IF3 SQL Injection Vulnerability in IBM Tivoli Remote Control 5.1.2 Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Information Server Denial of Service Vulnerability in IBM AIX and VIOS IPv6 Implementation Open Redirect Vulnerability in IBM Rational Requirements Composer Unspecified Privilege Escalation Vulnerability in IBM Rational Requirements Composer Unspecified Credential Discovery Vulnerability in IBM Rational Requirements Composer Authentication Bypass Vulnerability in IBM Rational Requirements Composer User Account Enumeration Vulnerability in IBM InfoSphere Information Server JSON Hijacking Vulnerability in IBM Rational ClearQuest Directory Traversal Vulnerability in IBM Rational Software Architect Design Manager and Rhapsody Design Manager Directory Traversal Vulnerability in IBM Rational Software Architect Design Manager and Rhapsody Design Manager Spoofing and Anonymous Chat Message Vulnerability in IBM Lotus Sametime 8.5.2 and 8.5.2.1 Remote Code Execution Vulnerability in IBM Lotus Sametime 8.5.2 and 8.5.2.1 Missing HSTS Header 
in IBM Sametime Meeting Server Allows Session Hijacking and Information Disclosure Unspecified Privilege Escalation Vulnerability in IBM Maximo Asset Management Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management Unspecified Access Restriction Bypass Vulnerability in IBM Maximo Asset Management Remote SQL Injection Vulnerability in ZAPms 1.41 and Earlier Vulnerability: TrustZone Kernel Memory Region Verification Bypass on Motorola Devices Remote Code Execution and Configuration Manipulation Vulnerability in Lexmark Markvision Enterprise Privilege Bypass Vulnerability in Joomla! 2.5.x and 3.0.x Privilege Bypass Vulnerability in Joomla! 2.5.x and 3.0.x Unspecified Cross-Site Scripting (XSS) Vulnerability in Joomla! 2.5.x and 3.0.x Arbitrary Code Injection through Voting Plugin in Joomla! 2.5.x and 3.0.x Unauthenticated Access Vulnerability in Apache ActiveMQ Web Console Remote Bypass of Transaction Restrictions in SAP Healthcare Industry Solution Bypassing Transaction Restrictions in SAP Production Planning and Control Arbitrary Command Execution Vulnerability in SAP BASIS Communication Services 4.6B through 7.30 Open Redirect Vulnerability in Linksys EA6500 Firmware 1.1.28.147876 Cross-site scripting (XSS) vulnerability in Linksys EA6500 firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML in Parental Controls Improper Access Restriction in Linksys EA6500 Firmware 1.1.28.147876 Allows Information Disclosure XSS Vulnerability in Linksys WRT310Nv2 2.0.0.1 Router CSRF Vulnerability in Linksys WRT310Nv2 2.0.0.1 Allows Remote Authentication Hijacking Cross-Site Scripting (XSS) Vulnerabilities in NETGEAR WNDR4700 Firmware 1.0.0.34 Netgear WNDR4700 Firmware 1.0.0.34 Management Web Interface PSK Disclosure Vulnerability Authentication Bypass Vulnerability in NETGEAR Centria WNDR4700 Devices Authentication Bypass Vulnerability in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 Symlink Traversal Vulnerability in 
NETGEAR Centria WNDR4700 Firmware 1.0.0.34 Denial of Service Vulnerability in NetGear WNDR4700 Media Server Devices Buffer Overflow Vulnerability in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3 Uninitialized Length Variables Vulnerability in Linux Kernel Crypto API Integer overflows in IP_MSFILTER and IPV6_MSFILTER features in FreeBSD Arbitrary Code Execution with Root Privileges in VMware vCenter Server Appliance (vCSA) 5.1 Arbitrary File Creation and Code Execution Vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 SQL Injection Vulnerability in Jojo CMS Plugin Arbitrary Web Script Injection Vulnerability in Jojo CMS Forgot Password Feature Belkin F5D8236-4 v2 Remote Management Interface CSRF Vulnerability Belkin Model F5D8236-4 v2 Router XSS Vulnerabilities Authentication Bypass Vulnerability in Belkin F5D8236-4 v2 Web Management Interface Belkin N900 Router CSRF Vulnerability: Remote Authentication Hijacking Belkin N900 Router XSS Vulnerabilities Authentication Bypass Vulnerability in Belkin N900 Router (F9K1104v1) via JavaScript Debugging Belkin N300 Router CSRF Authentication Hijacking Vulnerability Belkin N300 Router Multiple Cross-Site Scripting (XSS) Vulnerabilities Authentication Bypass Vulnerability in Belkin N300 Router (F7D7301v1) via JavaScript Debugging Authentication Bypass Vulnerability in Belkin N300 (F7D7301v1) Router CSRF Vulnerability in ASUS RT-N56U Devices CSRF Vulnerabilities in D-Link DIR865L Router (Rev. 
A1) Firmware Unauthenticated Hardware Linking Vulnerability in D-Link DIR865L v1.03 Unspecified Cross-site scripting (XSS) vulnerability in Verizon FIOS Actiontec MI424WR-GEN3I router CSRF Vulnerabilities in TRENDnet TEW-812DRU Router Firmware before 1.0.9.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange AppSuite and Server Bypassing Authentication in VMware vCenter Server 5.1 Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Script Debug Vulnerability WMV Video Decoder Remote Code Execution Vulnerability OpenType Font Parsing Vulnerability TrueType Font Parsing Vulnerability Array Access Violation Vulnerability Delegate Reflection Bypass Vulnerability Anonymous Method Injection Vulnerability in Microsoft .NET Framework Array Allocation Vulnerability Kernel Information Disclosure Vulnerability XML Disclosure Vulnerability in Microsoft FrontPage 2003 SP3 TCP/IP Integer Overflow Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Use After Free Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption 
Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Windows Defender Signature-Update Pathname Vulnerability Access Memory Corruption Vulnerability Access File Format Memory Corruption Vulnerability Access Memory Corruption Vulnerability Microsoft Office Memory Corruption Vulnerability XML External Entities Resolution Vulnerability in Microsoft Excel XML External Entities Resolution Vulnerability in Microsoft Office and Word Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 8 Memory Corruption Vulnerability Shift JIS Character Encoding Vulnerability in Microsoft Internet Explorer 6-10 Win32k Memory Object Handling Privilege Escalation Vulnerability Delegate Serialization Vulnerability Win32k Buffer Overflow Vulnerability Win32k Buffer Overflow Vulnerability DirectShow GIF File Arbitrary Memory Overwrite Vulnerability Asynchronous RPC Request Remote Code Execution Vulnerability Null Pointer Vulnerability in Microsoft Silverlight 5 SharePoint Server Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in Microsoft SharePoint Server 2010 and 2013 (POST XSS Vulnerability) Uniscribe Font Parsing Engine Memory Corruption Vulnerability Windows NAT Driver Memory Corruption Vulnerability ICMPv6 Memory Allocation Vulnerability Internet Explorer Memory Corruption Vulnerability AD FS Information Disclosure Vulnerability Process Integrity Level Assignment Vulnerability in Microsoft Internet Explorer Internet Explorer Memory 
Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability EUC-JP Character Encoding XSS Vulnerability in Microsoft Internet Explorer 6-10 Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Comctl32 Integer Overflow Vulnerability Windows Kernel Memory Corruption Vulnerability Windows Kernel Memory Corruption Vulnerability Windows Kernel Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Windows USB Descriptor Vulnerability Internet Explorer Memory Corruption Vulnerability (CVE-2013-3210) Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability (CVE-2013-3210) Internet Explorer Memory Corruption Vulnerability Internet Explorer 9 and 10 Memory Corruption Vulnerability Improper Blocking of Top-Level Domains in Set-Cookie Headers in Opera before 12.15 Unspecified Vulnerability in Opera Before 12.15: Moderately Severe Issue Local File Inclusion Vulnerability in vtiger CRM 5.4.0 and Earlier: Exploiting 'customerportal.php' to View Files and Execute Local Script Code Multiple SQL Injection Vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 PHP Code Injection Vulnerability in 'vtigerolservice.php' in vtiger CRM 5.4.0 and earlier Authentication Bypass Vulnerability in vtiger CRM 5.4.0 and Earlier Double-spending vulnerability in bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 Denial of Service and Double-Spending Vulnerability in Bitcoin Software Data-type Injection Vulnerability in Ruby on Rails Active Record Component Uninitialized Length Variable Vulnerability in vcc_recvmsg Function 
Uninitialized Data Structure Vulnerability in Linux Kernel's ax25_recvmsg Function Kernel Stack Memory Disclosure Vulnerability Uninitialized Length Variable Vulnerability in Linux Kernel Bluetooth RFComm Socket Uninitialized Length Variable Vulnerability in sco_sock_recvmsg Function Uninitialized Length Variable Vulnerability in caif_seqpkt_recvmsg Function Uninitialized Length Variable Vulnerability in Linux Kernel's irda_recvmsg_dgram Function Uninitialized Length Variable Vulnerability in iucv_sock_recvmsg Function Uninitialized Structure Member Vulnerability in l2tp_ip6_recvmsg Function Uninitialized Length Variable Vulnerability in llc_ui_recvmsg Function Uninitialized Data Structure Vulnerability in nr_recvmsg Function Uninitialized Variable Vulnerability in llcp_sock_recvmsg Function Uninitialized Data Structure Vulnerability in Linux Kernel's rose_recvmsg Function Uninitialized Data Structure Vulnerability in Linux Kernel Kernel Stack Memory Disclosure Vulnerability Uninitialized Length Variable Vulnerability in vsock_stream_sendmsg Function Arbitrary Code Execution Vulnerability in phpMyAdmin 3.5.x and 4.x Arbitrary Code Execution via Double Extension in phpMyAdmin Directory Traversal Vulnerability in phpMyAdmin Export Feature Arbitrary Variable Overwrite Vulnerability in phpMyAdmin 4.x before 4.0.0-rc3 PHP Object Injection Vulnerability in Joomla! 
2.5.x and 3.0.x Unspecified Remote Code Execution Vulnerability in OpenText/IXOS ECM for SAP NetWeaver Arbitrary Code Execution Vulnerabilities in SAP ECC Project System Module Denial of Service and Possible Code Execution Vulnerability in VideoLAN VLC Media Player 2.0.7 Arbitrary Code Execution via Crafted XCF Image Layer in XnView Heap-based Buffer Overflow in XnView Allows Remote Code Execution via Crafted XCF File Untrusted Search Path Vulnerability in Corel PDF Fusion 1.11 Arbitrary Code Execution Vulnerability in DameWare Remote Support's Add from Text File Feature CSRF Vulnerability in WP Maintenance Mode Plugin Allows Arbitrary User Hijacking CSRF Vulnerability in qTranslate Plugin for WordPress Allows Unauthorized Settings Changes CSRF Vulnerability in WP-PostViews Plugin Allows Unauthorized Settings Modification Xhanch - My Twitter Plugin CSRF Vulnerability in admin/setting.php Arbitrary Script Injection in WP Photo Album Plus Plugin for WordPress CSRF Vulnerability in Shareaholic SexyBookmarks Plugin for WordPress CSRF Vulnerability in Related Posts Plugin for WordPress CSRF Vulnerability in Digg Digg Plugin for WordPress Stack-based Buffer Overflow in INMATRIX Zoom Player: Remote Code Execution via Large biClrUsed Value in BMP File Heap-based Buffer Overflow in INMATRIX Zoom Player: Arbitrary Code Execution via Large biClrUsed Value in BMP File Arbitrary Script Injection in GRAND FlAGallery Plugin for WordPress Arbitrary Web Script Injection in Download Monitor Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in WP Ultimate Email Marketer Plugin for WordPress Unrestricted Access Vulnerability in WP Ultimate Email Marketer Plugin Memory Corruption and Arbitrary Code Execution Vulnerability in NFS Server Arbitrary Script Injection Vulnerability in Joomla! 
Highlighter Plugin Token Refresh Vulnerability in Novell iManager 2.7 before SP6 Patch 1 CSRF Vulnerability in Cybozu Office Allows Authentication Hijacking Privilege Escalation via Incorrect Group Ownership in EMC VNX and Celerra Control Stations Insecure Login Attempts Enforcement in EMC RSA Authentication Agent for PAM 7.0 Sensitive Information Exposure in EMC Replication Manager (RM) before 5.4.4 Cleartext Administrative Password Exposure in EMC RSA Authentication Manager Arbitrary Code Execution Vulnerability in EMC Avamar Server and Avamar Virtual Edition Cross Frame Scripting Vulnerability in EMC Avamar Server and Avamar Virtual Edition Authentication Bypass Vulnerability in EMC RSA Archer GRC 5.x before 5.4 Open Redirect Vulnerability in EMC RSA Archer GRC 5.x before 5.4 Cleartext Storage of LDAP/AD Bind Password in EMC VPLEX Blank Password Vulnerability in EMC Atmos Fail-Open Design Vulnerability in EMC RSA Authentication Agent 7.1.x for Web for Internet Information Services Arbitrary web script injection vulnerability in EMC Documentum Web Applications Cleartext Administrator Password Disclosure in EMC NetWorker Management Console Arbitrary Web Script Injection in EMC Documentum eRoom before 7.4.4 P11 Cleartext LDAP Bind Password Disclosure in EMC Unisphere for VMAX Arbitrary Web Script Injection Vulnerability in EMC RSA Data Protection Manager (DPM) Appliance SQL Injection Vulnerabilities in Exponent CMS before 2.2.0 RC1 Exponent CMS Directory Traversal Vulnerability in install/popup.php Denial of Service Vulnerability in RealPlayer 16.0.2.32 and Earlier Improper Input Validation in JsonParser Class Allows Information Disclosure Denial of Service Vulnerability in Linux Kernel's ftrace Implementation Race condition in smb_send_rqst function in Linux kernel before 3.7.2 allows local users to cause denial of service or other impact via reconnection event. 
Arbitrary File Read Vulnerability in Dell EqualLogic PS4000 Firmware 6.0 Loftek Nexus 543 IP Camera Directory Traversal Vulnerability CSRF Vulnerabilities in Loftek Nexus 543 IP Camera Allow Remote Authentication Hijacking Cleartext Password Storage Vulnerability in Loftek Nexus 543 IP Camera Loftek Nexus 543 IP Camera Vulnerability: Information Disclosure via get_realip.cgi and get_status.cgi Privilege Escalation Vulnerability in TIBCO Silver Mobile 1.1.0 Authentication Bypass Vulnerability in Netgear WNR1000v3 Firmware Authentication Bypass Vulnerability in Netgear WNR1000v3 Firmware Sensitive Information Disclosure in SAP Netweaver 7.03 HostControl Service NetApp OnCommand System Manager XSS Vulnerability Arbitrary File Inclusion Vulnerability in NetApp OnCommand System Manager 2.1 and Earlier Arbitrary Command Injection in NetApp OnCommand System Manager 2.1 and Earlier Privilege Escalation Vulnerability in IBM Maximo Asset Management with WebSeal Authentication Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption 
Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary File Read Vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Operating-System Domain Blacklist Handling Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Heap-based buffer overflow in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution via PCM Data Handling Vulnerability in Adobe Flash Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Unspecified Denial of Service Vulnerability in Adobe ColdFusion 9.0 through 9.0.2 with JRun Application Server Remote Code Execution via WebSockets in Adobe ColdFusion 10 before Update 11 Stack-based Buffer Overflow Vulnerabilities in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Reader and Acrobat Buffer Overflow Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability in 
Adobe Reader and Acrobat Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Command Execution in TRENDnet TEW-812DRU Router Undocumented TELNET Service Exploit in TRENDnet TEW-812DRU: Backdoor HTML Parameter Vulnerability Undocumented TELNET Service with Backdoor Password Vulnerability in TRENDnet TEW-691GR and TEW-692GR Symlink Attack Vulnerability in bin/rt of Request Tracker (RT) 3.8.x and 4.0.x Arbitrary Private Component Execution in Request Tracker (RT) 3.8.x and 4.0.x Unrestricted Access to Private Callback Components in Request Tracker (RT) 3.8.x and 4.0.x Arbitrary Web Script Injection via Attachment Filename in Request Tracker (RT) Multiple Content-Disposition Header Injection and Cross-Site Scripting (XSS) Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x CRLF Injection Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x Unspecified vulnerability in Request Tracker (RT) 3.8.x and 4.0.x allows sensitive information disclosure Cisco Prime Central for Hosted Collaboration Solution XSS Vulnerability (Bug ID CSCue23798) Open Redirect Vulnerability in Cisco Video Surveillance Operations Manager Help Page Denial of Service Vulnerability in Cisco TelePresence TC and TE Software (CSCue01743) Denial of Service Vulnerability in Cisco TelePresence TC and TE Software Cisco TelePresence TC Software Firewall Subsystem Vulnerability Improper Access Control in Cisco Secure Access Control System (ACS) Administrative Web Interface (Bug ID CSCue79279) Denial of Service Vulnerability in Cisco Hosted Collaboration Mediation (Bug ID CSCug85756) Denial of 
Service Vulnerability in Cisco Adaptive Security Appliances (ASA) Devices Arbitrary Command Execution Vulnerability in Cisco Web Security Appliance Devices Arbitrary Command Execution Vulnerability in Cisco Web Security Appliances Denial of Service vulnerability in Cisco Web Security and Email Security Appliances Denial of Service Vulnerability in IronPort Spam Quarantine Component Denial of Service Vulnerability in Cisco Prime Central for HCS Assurance Denial of Service Vulnerability in Cisco Prime Central for HCS Assurance Denial of Service Vulnerability in Cisco Prime Central for HCS Assurance Memory Leak Vulnerability in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco WebEx Social Denial of Service Vulnerability in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine Cisco Prime Network Registrar 8.1 XSS Vulnerability (CSCuh41429) CSRF Vulnerability in Cisco IronPort, Email Security, and Content Security Appliances Cisco Content Security Management on Security Management Appliance (SMA) XSS Vulnerability (Bug ID CSCuh24749) CSRF Vulnerability in Cisco Unified Communications Manager (CUCM) Unified Serviceability Component (Bug ID CSCuh10298) Directory Enumeration Vulnerability in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance Buffer Overflow Vulnerability in Cisco Desktop Collaboration Experience DX650 API Arbitrary Command Execution Vulnerability in Cisco NX-OS on Nexus 1000V Devices (Bug ID CSCuh30824) Unintended Use of NOTIFY Messages in Cisco TelePresence TC Software (Bug ID CSCud96080) Arbitrary Command Execution Vulnerability in Cisco Unified Communications Manager (CUCM) Untrusted Search Path Vulnerabilities in Cisco Unified Communications Manager (CUCM) Allow Local Privilege Escalation (CSCuh73454) SQL Injection Vulnerability in Cisco Unified Communications Manager (CUCM) Versions 7.1(x) through 9.1(1a) Authentication 
Bypass Vulnerability in Cisco TelePresence Endpoints Arbitrary File Read Vulnerability in Cisco Intelligent Automation for Cloud Unauthenticated Access to Sensitive Information in Cisco Server Provisioner Incorrect Operating-System Permissions Vulnerability in Cisco Virtualization Experience Client 6000 Devices (Bug ID CSCuc31764) Cleartext Credential Exposure in Cisco Prime Central for HCS Portal Denial of Service Vulnerability in Cisco IPS NME Devices Denial of Service Vulnerability in Cisco Catalyst 6500 Devices with IDSM-2 Module (Bug ID CSCuh27460) SQL Injection Vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) (Bug ID CSCuh81766) Cisco Identity Services Engine (ISE) Cross-Site Scripting (XSS) Vulnerability Cisco ASA WebVPN Portal Login Page Cross-Site Scripting (XSS) Vulnerability Memory Consumption Denial of Service Vulnerability in Cisco ASA Software Arbitrary Web Script Injection Vulnerability in Cisco Unified Operations Manager and Unified Service Monitor Authentication Bypass Vulnerability in Cisco Video Surveillance Operations Manager Memory Allocation Vulnerability in Cisco Unified Communications Domain Manager Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability (Bug ID CSCuh74981) Cisco Identity Services Engine (ISE) Cross-Site Request Forgery (CSRF) Vulnerability Cisco Secure Access Control System (ACS) Help Index Page Cross-Site Scripting (XSS) Vulnerability Cisco Secure Access Control System (ACS) Cross-Site Scripting (XSS) Vulnerability (CSCud75165) Cisco Secure Access Control System (ACS) Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in Cisco Secure ACS Administration and View Pages (CSCud75177) File Enumeration Vulnerability in Cisco WebEx 11 Meeting Center Component Arbitrary File Read Vulnerability in Cisco 9900 IP Phones (CSCuh52810) Information Disclosure Vulnerability in Cisco Secure Access Control System (ACS) Web Interface Directory Traversal Vulnerabilities in Cisco Video 
Surveillance Manager (VSM) before 7.0.0 Information Disclosure Vulnerability in Cisco Video Surveillance Manager (VSM) before 7.0.0 Unauthenticated Access to Cisco Video Surveillance Manager (VSM) Monitoring Pages Privilege Escalation Vulnerability in Cisco Unified Communications Manager (CUCM) Untrusted Search Path Vulnerability in Cisco Unified Communications Manager (CUCM) Allows Privilege Escalation Denial of Service Vulnerability in Cisco Unified IP Conference Station 7937G (Bug ID CSCuh42052) Improper Configuration of GET VPN Feature Allows Encryption Bypass (Bug ID CSCui07698) SQL Injection Vulnerability in Cisco Unified Operations Manager Remote Access Bypass Vulnerability in Cisco Unified MeetingPlace Web Conferencing (Bug ID CSCuh86385) Cisco Unified Operations Manager XSS Vulnerability (Bug ID CSCud80182) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Operations Manager Administrative Web Interface (Bug ID CSCud80186) Denial of Service Vulnerability in Cisco Aironet 3600 Access Points (Bug ID CSCuh71210) Cisco Unified Communications Manager Web Portal Stack-Trace Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Cisco WAAS Software Arbitrary Command Execution Vulnerability in Cisco Web Framework Cisco Identity Services Engine Firewall Subsystem Denial of Service Vulnerability Open Redirect Vulnerability in Cisco Digital Media Manager (DMM) Login Page (Bug ID CSCub23849) Bypassing Access Restrictions in Cisco WebEx Meetings Server CSRF Vulnerability in Cisco Unified Communications Manager WebDialer Cisco Unified Communications Manager Multiple Cross-Site Request Forgery Vulnerabilities (CSCui13033) Memory Leak Vulnerability in Cisco Unified Communications Manager IM and Presence Service Default Password Vulnerability in Cisco TelePresence System Software Cisco Finesse Information Disclosure Vulnerability Absolute Path Traversal Vulnerability in Cisco Finesse Web Interface (Bug ID CSCug16772) Denial of Service 
Vulnerability in Cisco ASA Devices with SMP Denial of Service Vulnerability in Cisco Unified Communications Manager (Unified CM) 7.1(x) Memory Leak Vulnerability in Cisco Unified Communications Manager (Unified CM) 8.5(x) to 9.x Denial of Service Vulnerability in Cisco Unified Communications Manager Buffer Overflow Vulnerability in Cisco Unified Communications Manager (Unified CM) Versions 7.1(x) to 9.x Cisco ASA Protocol-Inspection Feature Denial of Service Vulnerability Cisco IOS XR Denial of Service Vulnerability (Bug ID CSCui60347) Arbitrary Command Execution via Crafted EAP-FAST Packets in Cisco Secure Access Control Server (ACS) 4.x Memory Leak Vulnerability in Cisco UCS 6100 Fabric Interconnect CLI Component Denial of Service Vulnerability in Cisco Unified IP Phone 8945 (Bug ID CSCud04270) Improper SSL Setup in Cisco Mobility Services Engine Allows Unauthenticated Session and Information Disclosure (Bug ID CSCue50794) Denial of Service Vulnerability in Cisco IOS XR RIP Process (Bug ID CSCue46731) Captive Portal Application in Cisco Identity Services Engine (ISE) Allows Cleartext Username and Password Discovery CSRF Vulnerability in Cisco Unified Communications Manager's Enterprise License Manager (ELM) Allows Remote Authentication Hijacking (CSCui58210) Authentication Bypass Vulnerability in Cisco Prime Central for HCS Assurance Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Stack-based Buffer Overflow in db2aud in IBM DB2 and DB2 Connect CSRF vulnerability in WordPress Related Posts Plugin before 2.6.2 CSRF Vulnerability in Related Posts by Zemanta Plugin for WordPress SQL Injection Vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and Earlier CSRF Vulnerability in ShareThis Plugin for WordPress Allows Authentication Hijacking Heap-based Buffer Overflow in Sagelight 4.4 and Earlier via Crafted BMP File Artweaver Plus and Free 3.1.5 Stack-Based Buffer Overflow Vulnerability Stack-based Buffer Overflow in ER Viewer 
Allows Remote Code Execution Stack-based Buffer Overflow in Intergraph ERDAS ER Viewer Multiple Cross-Site Scripting (XSS) Vulnerabilities in dotCMS before 2.3.2 Untrusted Search Path Vulnerabilities in Soda PDF 5.1.183.10520 Integer Overflow Vulnerability in IrfanView FlashPix Plugin 4.3.4 0 Cross-Site Scripting (XSS) Vulnerabilities in BulletProof Security Plugin for WordPress Arbitrary Code Execution via Crafted M2TS File in Media Player Classic - Home Cinema (MPC-HC) Remote Code Execution Vulnerability in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 via Crafted RealMedia .rm File CSRF and XSS Vulnerabilities in Sharebar Plugin for WordPress Stack-Based Buffer Overflow Vulnerability in XnView 2.03 Integer Overflow Vulnerability in XnView 2.03 UMPlayer 0.98 Code Execution Vulnerability in wintab32.dll Denial of Service Vulnerability in Intel VT-d Interrupt Remapping Engine Weak Permissions in Infotecs ViPNet Software Allows Privilege Escalation via Trojan Horse Files Cleartext Password Exposure in Juniper Junos Space Configuration Tab Arbitrary Code Injection through XSS in Juniper SmartPass WLAN Security Management HTTP Referer Header Authentication Bypass in GroundWork Monitor Enterprise 6.7.0 Privilege Escalation via Insecure Ownership in GroundWork Monitor Enterprise 6.7.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in GroundWork Monitor Enterprise 6.7.0 Arbitrary Command Execution and Information Disclosure in MONARCH Component of GroundWork Monitor Enterprise 6.7.0 XML External Entity (XXE) Vulnerability in GroundWork Monitor Enterprise 6.7.0 Arbitrary File Overwrite Vulnerability in GroundWork Monitor Enterprise 6.7.0 Bypassing Access Restrictions in Nagios-App Component of GroundWork Monitor Enterprise 6.7.0 Arbitrary Command Execution via Unrestricted XML Content in GroundWork Monitor Enterprise 6.7.0 Sensitive Information Disclosure in NeDi Component of GroundWork Monitor Enterprise 6.7.0 Arbitrary Command Execution Vulnerability in 
NeDi System File Overview Feature Arbitrary Command Execution Vulnerability in NeDi Component of GroundWork Monitor Enterprise 6.7.0 Multiple SQL Injection Vulnerabilities in GroundWork Monitor Enterprise 6.7.0 Open Redirect Vulnerability in NeDi Component in GroundWork Monitor Enterprise 6.7.0 Improper Authorization Checks in GroundWork Monitor Enterprise 6.7.0 Cross-Site Request Forgery (CSRF) Vulnerabilities in GroundWork Monitor Enterprise 6.7.0 OpenX Multiple Directory Traversal Vulnerabilities Cross-Site Scripting (XSS) Vulnerabilities in OpenX Source 2.8.10 and Earlier CSRF Token Guessing Vulnerability in NETGEAR WNR3500U and WNR3500L Routers NETGEAR WNR3500U and WNR3500L XSS Vulnerability Privilege Escalation Vulnerability in VMware Products Arbitrary Code Execution Vulnerability in VMware vCenter Chargeback Manager (CBM) before 2.5.1 SQL Injection Vulnerability in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and Earlier SQL Injection Vulnerability in THIS HTML Is Simple (THIS) before 1.2.4 via op=page&id= URL Parameter SQL Injection Vulnerability in Pop Up News Module 2.0 and Earlier for phpVMS SQL Injection Vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and Earlier: Arbitrary SQL Command Execution via ShowPending Parameter Cross-Site Scripting (XSS) Vulnerability in Traffic Analyzer Plugin for WordPress SQL Injection Vulnerabilities in Vanilla Forums before 2.0.18.8 Unspecified Object Injection Vulnerability in Vanilla Forums Multiple Cross-Site Scripting (XSS) Vulnerabilities in WP FuneralPress Plugin SQL Injection Vulnerability in Spiffy XSPF Player Plugin 0.1 for WordPress SQL Injection Vulnerability in meneger.php in RadioCMS 2.2 SQL Injection Vulnerability in Web Dorado Spider Video Player Plugin 2.1 for WordPress SQL Injection Vulnerabilities in Virtual Access Monitor 3.10.17 and Earlier Arbitrary Web Script Injection in aiContactSafe Component for Joomla! 
Multiple Cross-Site Scripting (XSS) Vulnerabilities in CMSLogik 1.2.0 and 1.2.1 SQL Injection Vulnerability in Group Pay Module for WHMCS SQL Injection Vulnerabilities in Todoo Forum 2.0: Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in Todoo Forum 2.0 CSRF Vulnerability in Sony SNC Cameras Allows Remote User Hijacking CSRF Vulnerability in AirLive Camera Models Allows Remote Authentication Hijacking Arbitrary File Read Vulnerability in AirLive WL2600CAM and Other Camera Models Hardcoded Account Vulnerability in Grandstream Camera Models Arbitrary File Creation and Overwrite Vulnerability in AXIS Media Control (AMC) ActiveX Control Unrestricted Ticket Access Vulnerability in OTRS Arbitrary Code Execution Vulnerability in Nitro Pro and Nitro Reader Arbitrary Code Execution Vulnerability in Nitro Pro and Nitro Reader Denial of Service Vulnerability in Wireshark GTPv2 Dissector ASN.1 BER Dissector Remote Denial of Service Vulnerability Denial of Service Vulnerability in Wireshark ASN.1 BER Dissector Denial of Service Vulnerability in Wireshark 1.8.x Integer Overflow and Heap Memory Corruption in DCP ETSI Dissector in Wireshark 1.8.x Format string vulnerability in the dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in Wireshark before 1.8.7 allows remote attackers to cause a denial of service (application crash) via a malformed packet. 
Multiple Integer Overflows in Wireshark 1.8.x before 1.8.7: Denial of Service Vulnerability Denial of Service Vulnerability in Wireshark Websocket Dissector Stack-based Buffer Overflow in Lianja SQL Server Allows Remote Code Execution Unauthenticated Directory Listing Vulnerability in VideoLAN VLC Media Player Multiple Cross-Site Scripting (XSS) Vulnerabilities in VideoLAN VLC Media Player Arbitrary Code Execution via Untrusted YAML Deserialization in Puppet CSRF Vulnerability in Cisco Linksys WRT110 Denial of Service Vulnerability in socat 1.2.0.0 - 1.7.2.2 and 2.0.0-b1 - 2.0.0-b6 UniFi Controller Cross-Site Scripting (XSS) Vulnerability Unspecified Injection Attacks in HP Insight Diagnostics 9.4.0.4710 HP Insight Diagnostics 9.4.0.4710 Absolute Path Traversal Vulnerability Arbitrary File Inclusion in HP Insight Diagnostics 9.4.0.4710 Arbitrary Command Execution Vulnerability in HP System Management Homepage (SMH) SQL Injection Vulnerability in Wave EMBASSY Remote Administration Server (ERAS) Help Desk Application SQL Injection Vulnerability in Wave EMBASSY Remote Administration Server (ERAS) Help Desk Application Denial of Service Vulnerability in Lookout Mobile Security Application Denial of Service Vulnerability in TrustGo Antivirus & Mobile Security Application Sensitive Information Disclosure in Choice Wireless Green Packet WIXFMR-111 4G WiMax Modem's Ajax.cgi Interface Buffer Overflow Vulnerability in Dell BIOS Allows Arbitrary BIOS Installation CSRF Vulnerability in Corporater EPM Suite Allows Password Hijacking Corporater EPM Suite Cross-Site Scripting (XSS) Vulnerability Cleartext Storage of Credentials in Samsung Web Viewer for Samsung DVR Devices Arbitrary SessionID Bypass Vulnerability in Samsung Web Viewer for Samsung DVR Devices BREACH Attack: Exploiting Length Differences in HTTPS Encryption Denial of Service Vulnerability in Zyxel P660 Web Management Interface Arbitrary Web Script Injection Vulnerability in Dell iDRAC6 and iDRAC7 Administrative Web 
Interface Unrestricted File Upload Vulnerability in SearchBlox 7.5 Build 1 Arbitrary PHP Code Execution Vulnerability in vTiger CRM 5.3 and 5.4 'files' Upload Folder ClearText Vulnerability in Baramundi Management Suite 7.5 through 8.9 Remote Code Execution and Denial of Service Vulnerability in Dell PowerConnect Switches Denial of Service Vulnerability in Dell PowerConnect Switches Arbitrary Customer Order Information Disclosure in AdvancePro Advanceware Information Disclosure in SearchBlox CollectionListServlet Directory Traversal Vulnerability in SearchBlox Servlet Allows Arbitrary File Overwrite Privilege Escalation Vulnerability in Coursemill Learning Management System (LMS) 6.6 and 6.8 Privilege Escalation in Coursemill Learning Management System (LMS) 6.6 Arbitrary JSP Operations Vulnerability in Coursemill Learning Management System (LMS) 6.6 SQL Injection Vulnerability in Coursemill LMS 6.6 Allows Arbitrary SQL Command Execution Arbitrary Script Injection in Coursemill Learning Management System (LMS) 6.6 Coursemill Learning Management System (LMS) 6.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities Coursemill Learning Management System (LMS) 6.6 Cross-Site Request Forgery (CSRF) Vulnerability Denial of Service Vulnerability in GoAhead Web Server on Dell PowerConnect Switches Multiple Stack-Based Buffer Overflows in Supermicro IPMI Web Interface Arbitrary Command Execution Vulnerability in Supermicro IPMI Web Interface Bypassing Access Restrictions in Supermicro IPMI Web Interface Unauthenticated Access to Administrator Password on ASUS RT-N10E Router Dahua DVR Appliances: Hardcoded Password and Backdoor Vulnerability Dahua DVR Appliances Vulnerability: Unauthorized Access via UPnP Replay Attack Dahua DVR Appliances Vulnerability: Weak Maximum Password Length Weak Password Hash Algorithm in Dahua DVR Appliances Arbitrary Web Script Injection in KnowledgeView Editorial and Management Application XML External Entity (XXE) vulnerability in Openbravo ERP 
2.5, 3.0, and earlier Hardcoded Private Encryption Keys in Supermicro X9 and X8 Generation Motherboards' IPMI Firmware Critical Vulnerability: Hardcoded WSMan Credentials in Supermicro X9 and X8 Generation Motherboards Remote Code Execution Vulnerability in Supermicro X9 Generation Motherboards Stack-based Buffer Overflow in IPMI Web Interface on Supermicro X9 Generation Motherboards Cleartext Storage of Credentials in Baramundi Management Suite Hardcoded Encryption Key Vulnerability in Baramundi Management Suite Arbitrary File Upload and Execution Vulnerability in Attachmate Verastream Host Integrator (VHI) Session Server Denial of Service Vulnerability in McAfee Framework Service Zabbix 2.0.9 Arbitrary Command Execution Vulnerability Arbitrary PHP Code Execution Vulnerability in ISPConfig 3.0.5.2 Arbitrary Program Execution Vulnerability in Moodle 2.5.2 Remote Code Execution in NAS4Free 9.1.0.1.804 and Earlier via exec.php Arbitrary Command Execution Vulnerability in OpenMediaVault's Cron Service Privilege Escalation Vulnerability in SCALANCE X-200 and X-200IRT Switches Vulnerability in SCALANCE X-200 and X-200IRT Switches: Insufficient User Credential Check in SNMPv3 Implementation Stored XSS Vulnerability in ProjectPier 0.8.8 Remote Information Disclosure Weakness in ProjectPier 0.8.8: Lack of HttpOnly Cookie Flag Insecure Cookie Handling in ProjectPier 0.8.8 SQL Injection Vulnerability in Boonex Dolphin before 7.1.3 via 'pathes' parameter in 'categories.php' Multiple Cross-Site Scripting (XSS) Vulnerabilities in Xaraya 2.4.0-b1 and Earlier FileMaker Pro Instant Web Publish XSS Vulnerability Vulnerability: Insecure SSL Certificate Verification in Pizza Hut Japan Official Order Application WebView Class Implementation Vulnerability in Angel Browser Application Galapagos Browser Android App WebView Class Information Disclosure Vulnerability Remote Code Execution Vulnerability in JustSystems Ichitaro Software Orchard.Comments Module XSS Vulnerability Arbitrary Java 
Method Execution and Command Injection Vulnerability in Cybozu Live Application for Android Arbitrary JavaScript Code Execution and Information Disclosure in Cybozu Live Android Application Unspecified form field XSS vulnerability in KENT-WEB POST-MAIL before 6.7 Arbitrary Web Script Injection in KENT-WEB CLIP-MAIL before 3.4 Directory Traversal Vulnerability in LOCKON EC-CUBE before 2.12.5 Remote PHP Code Injection Vulnerability in LOCKON EC-CUBE 2.11.2 through 2.12.4 Arbitrary Script Injection in LOCKON EC-CUBE 2.11.0 through 2.12.4 Cross-Site Scripting (XSS) Vulnerabilities in LOCKON EC-CUBE's RecommendSearch Feature Arbitrary Image File Read Vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 Denial of Service Vulnerability in Sharp AQUOS PhotoPlayer HN-PP150 Firmware Session Management Vulnerability in Cybozu Office 9.1.0 and Earlier VMware ESXi and ESX Buffer Overflow Vulnerability Arbitrary File Deletion Vulnerability in VMware ESXi and ESX Vulnerability: Improper Wi-Fi Connection in NTT DOCOMO Overseas Usage Application Win32k Read AV Vulnerability Denial of Service Vulnerability in EPATHOBJ::bFlatten Function Stack-based Buffer Overflow in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 2 via Crafted Color Palette Table in MAC Pict Texture Remote Code Execution Vulnerability in Trimble SketchUp via Crafted RLE8 Compressed BMP Remote Code Execution Vulnerability in Trimble SketchUp (formerly Google SketchUp) Pre-2013 (13.0.3689) via Crafted Color Palette Table in MAC Pict Texture Arbitrary Code Execution Vulnerability in Autodesk AutoCAD, AutoCAD LT, and DWG TrueView LG Optimus G E973 Hidden Menu Arbitrary Command Execution Vulnerability Insecure Software Update Mechanism Allows Tampering or Corruption of Updates Out-of-bounds array access vulnerability in libavcodec in FFmpeg Invalid Pointer Dereference Vulnerability in FFmpeg's libavutil Out-of-bounds Array Access Vulnerability in FFmpeg's mm_decode_inter Function Out-of-bounds Array 
Access and Application Crash in FFmpeg's gif_decode_frame Function Out-of-bounds Array Access Vulnerability in FFmpeg CD Graphics Video Decoding Integer Overflow and Out-of-Bounds Array Access Vulnerability in FFmpeg Unspecified Remote Code Execution Vulnerabilities in SAP Governance, Risk, and Compliance (GRC) File Upload Vulnerability in NextGEN Gallery Plugin for WordPress Privilege Escalation Vulnerability in Sprite Software Spritebud and Backup on LG Android Smartphones Remote Password Disclosure in AirLive WL2600CAM and Other Camera Models Cleartext Storage Vulnerability in AirLive Camera Models Vulnerability: Unrestricted Administrative Access in TP-Link IP Cameras Improper Access Restriction in Brickcom Camera Models: Disclosure of Sensitive Information CSRF Vulnerability in Brickcom Camera Firmware 3.1.0.8 and Earlier AirLive POE-2600HD Denial of Service Vulnerability Weak Permissions in BlackBerry Protect Object Allows Bypass of Access Restrictions Arbitrary Package Execution Vulnerability in BlackBerry Universal Device Service Unauthenticated Remote File Access in BlackBerry Link Integer Overflow Privilege Escalation in Novell Client Kernel Drivers Insufficient Write Permission Check in Open Build Service API Controller Misleading Key Fingerprint in libzypp RPM GPG Key Import and Handling Denial of Service Vulnerability in VBA32 AntiRootKit Component for Novell Client 2 SP3 Novell ZENworks Configuration Management (ZCM) 11.2 PreBoot Service Directory Traversal Vulnerability Denial of Service Vulnerability in HTTPSTK Service Denial of Service Vulnerability in Novell iPrint Client 5.93 Weak Permissions in WebYaST 1.3 Allow Local Privilege Escalation via secret_token.rb Insecure Secret Key Generation in SUSE Lifecycle Management Server (SLMS) Static Secret Tokens Vulnerability in SUSE Studio Onsite 1.3.x and SUSE Studio Extension for System z 1.3 Root User Added to users Group in aaa_base Image Creation Configuration Vulnerability in Evince: Unchecked 
Number of Pages Leading to Segmentation Fault Arbitrary Web Script Injection in aiContactSafe Component for Joomla! Arbitrary Web Script Injection in Feedweb Plugin for WordPress SQL Injection Vulnerability in awards.php in PsychoStats 3.2.2b OpenSIPS Denial of Service Vulnerability in lookup.c Null Character Denial of Service Vulnerability in Monkey 1.1.1 Admin Account Takeover Vulnerability in Invision Power Board (IPB) 3.x SQL Injection Vulnerability in Kasseler CMS Allows Remote Code Execution Arbitrary Script Injection in Kasseler CMS before 2 r1232 CSRF Vulnerabilities in Kasseler CMS before 2 r1232 Allow SQL Injection Attacks (CVE-2013-3727) Cleartext Datasource Password Exposure in JBoss Application Server Denial of Service Vulnerability in PHP Zend Engine Arbitrary Web Script Injection via File Name in MobileUI Extension of Request Tracker (RT) Session Reuse Vulnerability in MobileUI Extension for Request Tracker Zabbix 2.0.6 File Inclusion Vulnerability Arbitrary File Read Vulnerability in Network Weathermap 0.97c and Earlier Cross-site scripting (XSS) vulnerability in phpMyAdmin's Create View page (view_create.php) in versions before 4.0.3 Unspecified vulnerability in Java Runtime Environment (JRE) allows remote attackers to affect confidentiality, integrity, and availability via AWT vectors Unspecified Remote Integrity Vulnerability in Oracle Java SE 7 Update 21 and Earlier Unspecified Local Availability Vulnerability in Oracle Solaris Libraries/Libc Unspecified vulnerability in Solaris Cluster component allows local users to affect confidentiality, integrity, and availability Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Remote Denial of Service Vulnerability in Oracle Solaris 11 via Driver/IDM (iSCSI Data Mover) Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified Local Vulnerability in Oracle Solaris 11 Affects Confidentiality, Integrity, and Availability Unspecified XML Parser Vulnerability in 
Oracle Database Server Remote Integrity Vulnerability in Oracle Solaris 11 SMF Remote Denial of Service Vulnerability in Oracle Solaris 11 Unspecified vulnerability in Solaris Cluster component allows local users to affect confidentiality, integrity, and availability Unspecified Remote Integrity Vulnerability in Oracle Access Manager Component Unspecified vulnerability in Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 Remote Code Execution Vulnerability in Oracle Solaris SMF/File Locking Services Unspecified integrity vulnerability in Oracle Enterprise Manager Grid Control Unspecified Integrity Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified vulnerability in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 Unspecified Integrity Vulnerability in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 Unspecified vulnerability in Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 Unspecified Local Availability Vulnerability in Oracle Solaris 11 Unspecified Remote Integrity Vulnerability in Primavera P6 Enterprise Project Portfolio Management Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite Access Gate 1.2.1 Unspecified Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified vulnerability in Oracle WebCenter Content component in Oracle Fusion Middleware Unspecified vulnerability in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 Unspecified Integrity Vulnerability in Oracle WebCenter Content Component Unspecified Remote Availability Vulnerability in SPARC Enterprise M Series Servers Unspecified 
Remote Vulnerability in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle iLearning Component Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite Unspecified Remote Integrity Vulnerability in Oracle E-Business Suite 12.0.6 and 12.1.3 Unspecified Remote Code Execution Vulnerability in Oracle Virtualization All 4.6 Releases Confidentiality vulnerability in Oracle PeopleSoft Products 9.1 through PeopleSoft Enterprise Portal component Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware Unspecified Remote Integrity Vulnerability in Oracle Virtualization's Secure Global Desktop Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified vulnerability in PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1: Confidentiality and Integrity Impact via Time and Labor Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS Component Unspecified Local Vulnerability in Oracle Solaris Kernel Unspecified Remote Kernel Vulnerability in Oracle Solaris 10 and 11 Unspecified Integrity Vulnerability in Oracle iSupplier Portal Component Unspecified Remote Vulnerability in Oracle Database Server Unspecified Privileged Account Integrity Vulnerability in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle VM VirtualBox component allowing local users to affect availability Unspecified vulnerability in MySQL Server component allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language Unspecified Remote Availability Vulnerability in MySQL Server Unspecified vulnerability in MySQL Server component allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation 
Language Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Local Denial of Service Vulnerability in Oracle Solaris 11 Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Local Denial of Service Vulnerability in Oracle Solaris 10 and 11 on AMD64 Unspecified Remote Code Execution Vulnerability in Oracle PeopleSoft Products Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Confidentiality Vulnerability in Oracle Hyperion BI+ Component Unspecified Remote Availability Vulnerability in MySQL Server Unspecified vulnerability in MySQL Server component allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Integrity Vulnerability in MySQL Server Component Unspecified XA Transaction Vulnerability in Oracle MySQL Server 5.6.11 and Earlier Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Availability Vulnerability in MySQL Server Replication Remote Code Execution Vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Retail Invoice Matching component allows remote authenticated users to affect confidentiality and integrity Unspecified vulnerability in Oracle Policy Automation component in Oracle Industry Applications Unspecified Remote Integrity Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in PeopleSoft Enterprise PeopleTools component allows remote attackers to affect confidentiality and availability via unknown vectors related to Mobile Applications Unspecified Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Component Unspecified vulnerability in PeopleSoft 
Enterprise PeopleTools component allows remote attackers to affect confidentiality and availability Unspecified Remote Integrity Vulnerability in Oracle Agile PLM Framework Unspecified Confidentiality Vulnerability in Oracle Agile PLM Framework Unspecified Integrity Vulnerability in Oracle Agile Collaboration Framework Component in Oracle Supply Chain Products Suite 9.3.1 Unspecified Confidentiality Vulnerability in Oracle Agile Product Collaboration Component Unspecified Remote Confidentiality Vulnerability in Oracle Database Server Unspecified vulnerability in Oracle Fusion Middleware components allows remote attackers to affect confidentiality Unspecified Confidentiality Vulnerability in Oracle Web Services Component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries Unspecified vulnerability in Hyperion Strategic Finance component in Oracle Hyperion 11.1.2.1 and 11.1.2.2 Unspecified vulnerability in Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 Unspecified File System Management Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Integrity Vulnerability in Oracle Access Manager Component Unspecified Remote Availability Vulnerability in Oracle Secure Global Desktop Component Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Web Cache component affecting confidentiality via ESI/Partial Page Caching Unspecified Remote Availability Vulnerability in Oracle Solaris 10 and 11.1 Unspecified Local Availability Vulnerability in Oracle SPARC Enterprise T & M Series Servers Unspecified Remote Availability Vulnerability in MySQL Server Unspecified Confidentiality Vulnerability in Oracle Siebel CRM's EAI Component Unspecified Web Services Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Confidentiality vulnerability in Oracle Solaris 10 related to Oracle Configuration Manager (OCM) 
Stack-based Buffer Overflow in Monkey HTTP Daemon Allows Remote Code Execution Internet Explorer Memory Corruption Vulnerability Internet Explorer Use-After-Free Vulnerability Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability in Microsoft Office 2003, 2007, and Compatibility Pack Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability Microsoft Office 2007 SP3 and Word 2007 SP3 Memory Corruption Vulnerability Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability in Microsoft Word 2003 SP3 and Word Viewer Word Memory Corruption Vulnerability Word Memory Corruption Vulnerability Chinese IME Privilege Escalation Vulnerability Entity Expansion Vulnerability in Microsoft .NET Framework JSON Parsing Vulnerability in Microsoft .NET Framework Windows Double Free Privilege Escalation Vulnerability OLE Property Vulnerability Win32k Multiple Fetch Vulnerability Win32k Multiple Fetch Vulnerability Win32k Elevation of Privilege Vulnerability Remote Anonymous DoS Vulnerability in Microsoft Active Directory Services Digital Signatures Denial of Service Vulnerability Double Free Vulnerability in Microsoft Outlook: Exploiting Nested S/MIME Certificates Internet Explorer Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 9 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Man-in-the-Middle Attack Vulnerability in DirectAccess LRPC Client Buffer Overrun Vulnerability Win32k Use After Free Vulnerability App Container Elevation of Privilege Vulnerability Win32k NULL Page Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer 10 Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Ancillary Function Driver Information 
Disclosure Vulnerability DirectX Graphics Kernel Subsystem Double Fetch Vulnerability Microsoft Excel Memory Corruption Vulnerability Microsoft Excel Memory Corruption Vulnerability Memory Corruption Vulnerability in Microsoft Word 2003 SP3 Memory Corruption Vulnerability in Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 Use-after-free vulnerability in SetMouseCapture implementation in mshtml.dll in Internet Explorer allows remote code execution TrueType Font CMAP Table Vulnerability Clickjacking Vulnerability in Microsoft SharePoint Server 2007 and 2010 Pointer Validation Vulnerability in Microsoft Silverlight 5 Internet Explorer CDisplayPointer Use-After-Free Vulnerability Address Corruption Vulnerability in Microsoft Windows 8 and Windows Server 2012 Hyper-V Win32k Memory Corruption Vulnerability WinVerifyTrust Signature Validation Vulnerability Win32k Use After Free Vulnerability TrueType Font Parsing Vulnerability in win32k.sys S/MIME AIA Vulnerability in Microsoft Outlook Remote Code Execution Vulnerability in GDI+ via Crafted TIFF Image Port-Class Driver Double Fetch Vulnerability Print-Preview Information Disclosure Vulnerability in Internet Explorer Internet Explorer CSS Token Sequence Information Disclosure Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability InformationCardSigninHelper ActiveX Control Remote Code Execution Vulnerability Denial of Service Vulnerability in ISC BIND 9.8.5, 9.9.3, and 9.6-ESV-R9 Arbitrary Script Injection in Jahia xCM About Me Field Easytime Studio Easy File Manager 1.1 for iOS Directory Traversal Vulnerability Arbitrary File Read Vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and Earlier 
Directory Traversal Vulnerability in SavySoda WiFi HD Free before 7.0 Arbitrary File Read and HTTP Request Vulnerability in Atlassian Crowd Unconfirmed Remote Code Execution Vulnerability in Atlassian Crowd 2.6.3 Unspecified Local Privilege Escalation Vulnerability in Siemens COMOS Client Library Chasys Draw IES Stack-based Buffer Overflow in ReadFile Function Arbitrary Script Injection in CMS Made Simple (CMSMS) 1.11.9 Remote Code Execution Vulnerability in Core FTP Arbitrary Script Injection in Jomres Component (com_jomres) for Joomla! Arbitrary SQL Command Execution Vulnerability in Jomres Component for Joomla Arbitrary Script Injection in JoomShopping Component (com_joomshopping) for Joomla! Remote Code Execution Vulnerability in Kingsoft Writer 2012 8.1.0.3030 CSRF Vulnerability in Opsview Allows Password Hijacking Opsview Multiple Cross-Site Scripting (XSS) Vulnerabilities Heap-based Buffer Overflow in XnView Allows Remote Code Execution via BMP File Arbitrary Code Execution via Integer Overflow in XnView 2.13 Heap-based Buffer Overflow in XnView (CVE-2012-0254) Graphics Device Interface Integer Overflow Vulnerability in Microsoft Windows Arbitrary Code Execution via Xjp2.dll in XnView Potplayer DLL Loading Arbitrary Code Execution Vulnerability Arbitrary Script Injection in DotNetNuke (DNN) Manage Profile Display Name Field Arbitrary Code Execution Vulnerability in MrSID Plugin for IrfanView Arbitrary Code Execution Vulnerability in MrSID Plugin for IrfanView Arbitrary Code Execution Vulnerability in MrSID Plugin for IrfanView Privilege Escalation via Crafted IOCTL Call in AhnLab V3 Internet Security 8.0.7.5 Open Redirect Vulnerability in Apple iOS 6.1.3 Allows Installation of Arbitrary Applications Bypassing Access Restrictions in Apple Mac OS X 10.8.x via posix_spawn System Call Vulnerability Stack-based Buffer Overflow in dyld.cpp in Apple iOS 5.1.x and 6.x through 6.1.3 Stack Cookie Bypass Vulnerability in Apple iOS and Mac OS X KASLR Bypass 
Vulnerability in XNU Kernel on Mac OS X 10.8.x Uninitialized Structure Member Vulnerability in XNU Kernel Insecure Data Validation in posix_spawn System Call in Apple Mac OS X 10.8.x Apple iOS XNU Kernel AppleDouble File Header Validation Vulnerability Privilege Escalation Vulnerability in Novell Client 4.91 SP5 and Novell Client 2 SP2/SP3 SQL Injection Vulnerability in Siemens WinCC Web Navigator Hardcoded Account Vulnerability in Siemens WinCC Web Navigator User Account Enumeration Vulnerability in Siemens WinCC HTTP Request Security Bypass in Easytime Studio Easy File Manager 1.1 Arbitrary SQL Command Execution in Simple PHP Agenda (before 2.2.9) via edit_event.php Arbitrary Web Script Injection Vulnerability in Grandstream Camera Models Grandstream Camera CSRF Vulnerability: Unauthorized User Addition Arbitrary Web Script Injection Vulnerability in Samsung SHR-5162 and SHR-5082 Remote Code Execution Vulnerability in MongoDB 2.4.0 through 2.4.4 Insecure Trusted Server CA List in Juniper Junos Pulse Secure Access Service and Junos Pulse Access Control Service Unspecified Access Restriction Bypass Vulnerability in IBM Maximo Asset Management Unspecified Information Disclosure Vulnerability in IBM Maximo Asset Management SQL Injection Vulnerability in IBM Maximo Asset Management 7.1 and 7.5 Information Disclosure Vulnerability in IBM Sametime Meeting Server Vulnerability: Unauthorized Access to Personal E-mail in IBM Tivoli Storage Manager for Mail and FlashCopy Manager for Exchange User Enumeration Vulnerability in IBM Sametime Meeting Server Unwanted Caching Vulnerability in IBM Sametime Meeting Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM Cognos Command Center Denial of Service Vulnerability in IBM Sametime Meeting Server Arbitrary User Avatar Photo Download Vulnerability in IBM Sametime Meeting Server Information Disclosure Vulnerability in IBM Sametime Meeting Server Unvalidated URL Redirect Vulnerability in IBM Sametime Meeting Server 
Insecure Cookie Transmission in IBM Sametime Meeting Server Weak Domain Variable Setting in IBM Lotus Sametime 8.5.2 and 8.5.2.1 Allows Session Variable Reading Denial of Service Vulnerability in IBM Lotus Sametime 8.5.2 and 8.5.2.1 Clickjacking Vulnerability in IBM Sametime Meeting Server Cleartext Password Exposure in IBM Security AppScan Enterprise 8.x IBM Domino 9.0 iNotes MIME E-mail XSS Vulnerability (SPR PTHN98FLQ2) CSRF Vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 Bypassing File and Directory Restrictions in IBM InfoSphere BigInsights IBM InfoSphere BigInsights XSS Vulnerability Phishing Vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 Open Redirect Vulnerability in IBM InfoSphere BigInsights Web Application Enterprise Console CRLF Injection Vulnerability in IBM InfoSphere BigInsights Web Application Enterprise Console IBM Social Media Analytics 1.2 XSS Vulnerability CSRF Vulnerabilities in IBM Cognos Command Center before 10.2 Session Fixation Vulnerability in IBM Cognos Command Center before 10.2 XML Attribute Name Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x Arbitrary Web Script Injection in IBM WebSphere Application Server Administrative Console Arbitrary Web Script Injection in IBM WebSphere Application Server Administrative Console Weak Permissions in IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 Allow Local Information Disclosure Cross-site scripting (XSS) vulnerability in adv_sw.php in IBM BladeCenter AMM firmware before BBET64G and BPET64G Unspecified Privilege Escalation Vulnerabilities in IBM AIX and VIOS InfiniBand Subsystem Unauthenticated Remote File Modification and Denial of Service Vulnerability in IBM WebSphere Portal 8.0.0.x Unspecified Remote Information Disclosure Vulnerability in IBM Maximo Asset Management Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management Privilege Escalation 
Vulnerability in Microsoft Internet Explorer 6-10 SQL Injection Vulnerability in IBM Maximo Asset Management and Related Products Arbitrary SQL Command Execution Vulnerability in IBM Maximo Asset Management 7.1 Sensitive Information Disclosure in IBM Maximo Asset Management Arbitrary Web Script Injection Vulnerability in IBM Maximo Asset Management Bypassing Access Restrictions in IBM Maximo Asset Management File-Inclusion Vulnerability in IBM Maximo Asset Management Unspecified Authentication Information Storage Vulnerability in IBM Data Studio Web Console, Optim Performance Manager, InfoSphere Optim Configuration Manager, and DB2 Recovery Expert Session Cookie Sniffing Vulnerability in IBM Data Studio Web Console, Optim Performance Manager, InfoSphere Optim Configuration Manager, and DB2 Recovery Expert Lack of Autocomplete Attribute in IBM Data Studio Web Console and Other Products Allows Unauthorized Access Bypassing Access Restrictions in IBM Maximo Asset Management Weak SSL/TLS Cipher Suites Vulnerability Default Password Vulnerability in IBM BladeCenter, Flex System, and System x Servers Denial of Service Vulnerability in IBM DB2 FCM Remote Code Execution via EXPLAIN Authority in IBM DB2 and DB2 Connect XML External Entity (XXE) vulnerability in IBM Cognos Business Intelligence versions 8.4.1, 10.1.0, 10.1.1, 10.2.0, and 10.2.1 allows remote authenticated users to read arbitrary files. 
Unencrypted Session Vulnerability in IBM Sterling Connect:Direct for OpenVMS Arbitrary Web Script Injection in IBM InfoSphere Master Data Management Server for Product Information Management and Collaborative Edition Weak Password Hashing in IPMI Implementation on IBM Servers Cleartext Password Storage Vulnerability in IBM BladeCenter, Flex System, and System x Servers Information Disclosure and Access Restriction Bypass in IBM WebSphere Extended Deployment Compute Grid 8.0 Weak Permissions in IBM Tivoli Application Dependency Discovery Manager (TADDM) Configuration and Log Files Unspecified Remote Access Vulnerability in IBM Java SDK Unspecified Remote Code Execution Vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 Arbitrary File Read Vulnerability in IBM SPSS Collaboration and Deployment Services Information Disclosure Vulnerability in IBM SPSS Collaboration and Deployment Services Arbitrary Web Script Injection Vulnerability in IBM SPSS Collaboration and Deployment Services Open Redirect Vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 Arbitrary Web Script Injection Vulnerability in IBM SPSS Analytical Decision Management Arbitrary Script Injection Vulnerability in IBM SPSS Analytical Decision Management Unrestricted File Upload Vulnerability in IBM SPSS Analytical Decision Management CSRF Vulnerability in IBM Domino Web Administrator Arbitrary Web Script Injection Vulnerability in IBM Domino Web Administrator Arbitrary script injection vulnerability in IBM WebSphere Application Server UDDI Administrative Console Improper X.509 Certificate Verification in IBM WebSphere Application Server Arbitrary File Read Vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 Unspecified Cross-Site Scripting (XSS) Vulnerability in IBM Domino Web Administrator CSRF Vulnerability in IBM InfoSphere Information Server XML Pack Cross-Site Request Forgery (CSRF) Vulnerability in IBM InfoSphere 
Information Server SQL Injection Vulnerabilities in IBM InfoSphere Information Server Arbitrary Web Script Injection in IBM InfoSphere Information Server Authorization Bypass Vulnerability in IBM Rational Policy Tester 8.5 Unverified X.509 Certificate Vulnerability in IBM Rational Policy Tester 8.5 Arbitrary Web Script Injection in iNotes in IBM Domino 8.5.x and 9.0.x Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x and 9.0.x Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x and 9.0.x Clickjacking Vulnerability in IBM InfoSphere Information Server Session Hijacking and Credential Theft Vulnerability in IBM InfoSphere Information Server Buffer Overflow Vulnerability in iNotes in IBM Domino 8.5.3 and 9.0 XML External Entity (XXE) Vulnerability in IBM SPSS Collaboration and Deployment Services Information Disclosure Vulnerability in IBM SPSS Collaboration and Deployment Services Vulnerability: SSL Server Spoofing via Crafted Certificate Denial of Service Vulnerability in Wireshark CAPWAP Dissector Memory Initialization Vulnerability in GMR-1 BCCH Dissector in Wireshark 1.8.x Buffer Overflow in Wireshark PPP Dissector Allows Remote Denial of Service Array Index Error in NBAP Dissector in Wireshark 1.8.x before 1.8.8 Denial of Service Vulnerability in Wireshark RDP Dissector Denial of Service Vulnerability in Wireshark GSM CBCH Dissector Denial of Service Vulnerability in Assa Abloy R3 Dissector in Wireshark 1.8.x Denial of Service Vulnerability in Wireshark HTTP Dissector Heap-based Buffer Overflow in Ixia IxVeriWave File Parser in Wireshark 1.8.x Denial of Service Vulnerability in DCP ETSI Dissector in Wireshark Ticket Restriction Bypass in OTRS 3.x Varnish HTTP Cache ACL Bug Lack of Autocomplete Attribute in SecureSphere Operations Manager (SOM) Management Server Login Page Sensitive Information Disclosure in Imperva SecureSphere 9.0.0.5 Information Disclosure in Imperva SecureSphere 9.0.0.5 Remote Code Execution via Key 
Management in Imperva SecureSphere 9.0.0.5 Arbitrary Command Execution in Imperva SecureSphere 9.0.0.5 Arbitrary Command Execution Vulnerability in DS3 Authentication Server Information Disclosure Vulnerability in ServerAdmin/TestDRConnection.jsp Arbitrary Error-Page Text Injection in DS3 Authentication Server via ServerAdmin/ErrorViewer.jsp Multiple Arbitrary Code Execution Vulnerabilities in JOAL 2.0-rc11 Cryptocat < 2.0.22 Vulnerability: Remote Denial of Service via Username HTML Injection Vulnerability in Cryptocat Weak Random Number Generator in Cryptocat before 2.0.22 Remote Script Injection Vulnerability in Cryptocat (versions prior to 2.0.22) Weak Encryption Vulnerability in Cryptocat (Version 2.0.22 and earlier) - Socialist Millionaire Protocol Cryptocat Multiparty Encryption Scheme Information Disclosure Vulnerability Cross-site Scripting (XSS) Vulnerability in Cryptocat Conversation Overview Nickname Cross-Site Scripting Vulnerability in Cryptocat.js handlePresence() Function Unspecified Vulnerabilities in Cryptocat Project Cryptocat 2.0.18 Unspecified Cross-Site Scripting (XSS) Vulnerability in Cryptocat Message Handling 1.1.165 Cryptocat Chat Participant User List Disclosure Vulnerability Insecure SSL Certificate Verification in Python-Glanceclient Arbitrary Code Execution and Information Disclosure in JGroup DiagnosticsHandler XML Parsing Depth Vulnerability in PHP 5.3.27 and earlier Cleartext Base64 Transmission Vulnerability in Nagstamon before 0.9.10 Buffer Overflow in idnsALookup Function in Squid 3.2 through 3.3.6 Symlink Attack Vulnerability in Node Packaged Modules (npm) Arbitrary Code Injection via ID Parameter in Category Grid View Gallery Plugin for WordPress Denial of Service Vulnerability in FreeRDP before 1.1.0-beta1 Denial of Service Vulnerability in FreeRDP before 1.1.0-beta+2013071101 Katello API OAuth Authentication Denial of Service Vulnerability Remote Denial of Service Vulnerability in Cyrus SASL 2.1.23 and Earlier Denial of
Service Vulnerability in Squid 3.2.x and 3.3.x Integer Overflow Vulnerability in Samba's read_nttrans_ea_list Function Denial of Service Vulnerability in Linux Kernel's IPv6 Stack Use-after-free vulnerability in vhost_net_set_backend function allows denial of service in Linux kernel Session Hijacking Vulnerability in Red Hat JBoss EAP 6.1.0 Linux Kernel Bridge Multicast Implementation Denial of Service Vulnerability Denial of Service Vulnerability in SPICE Server Denial of Service Vulnerability in mod_dav_svn Apache HTTPD Server Module Denial of Service Vulnerability in KDE-Workspace 4.10.5 and Earlier Memory Leak in KDE-Workspace Plasma Desktop (CVE-XXXX-XXXX) Weak Encryption Vulnerability in OpenAFS Cleartext Data Leakage Vulnerability in OpenAFS 1.6.x Privilege Escalation via Symlink Attack in Phusion Passenger Gem SQL Injection Vulnerabilities in StatusNet 1.0 and 1.1.0 Arbitrary Code Injection Vulnerability in Hatch Theme for Drupal Denial of Service Vulnerability in Stage File Proxy Module for Drupal Arbitrary Code Injection Vulnerability in TinyBox Module for Drupal Bypassing Screen Lock in xlockmore 5.43 and Earlier Versions Object Injection Vulnerability in SWFUpload Plugin for WordPress Multiple Format String Vulnerabilities in YARD RADIUS 1.1.2 Buffer overflow vulnerability in QEMU virtio-net driver allows remote code execution Buffer Overflow in virtio_net_load Function in QEMU Out-of-bounds Write Vulnerability in QEMU's virtio_net_load Function Out-of-Bounds Write Vulnerability in QEMU virtio_load Function XML External Entity (XXE) Vulnerability in Spring OXM Wrapper Double free vulnerability in qemuAgentGetVCPUs function in libvirt 1.0.6 through 1.1.0 Denial of Service Vulnerability in libvirt's qemuAgentCommand Function Denial of Service Vulnerability in OpenStack Swift Memory Corruption Vulnerability in Apache OpenOffice.org (OOo) Local File Overwrite Vulnerability in Red Hat Storage 2.0 Incomplete Fix for XSS Vulnerability in Smokeping Before 2.6.9 
(CVE-2012-0790) Multiple Temporary File Vulnerabilities in ctdb before 2.3 in OpenSUSE 12.3 and 13.1 Denial of Service Vulnerability in Little CMS (lcms2) Improper Patch Application in gksu-polkit-0.0.3-6.fc18 for CVE-2012-5617 Denial of Service Vulnerability in Linux Kernel's IPv6 UDP Implementation Denial of Service Vulnerability in Linux Kernel's IPv6 Implementation Heap-based Buffer Overflow in Ruby's Floating Point Conversion Timing Side-Channel Attack Vulnerability in HTTPAuthorized Function of bitcoind 0.8.1 Improper Key Selection in GPG Encryption in GNOME Evolution and Evolution Data Server Arbitrary Web Script Injection Vulnerability in CMS Made Simple (CMSMS) before 1.11.7 SmokePing 2.6.9 XSS Vulnerability in Start and End Time Fields Local Privilege Escalation Vulnerability in GNOME Display Manager (gdm) Ember.js View `tagName` Property XSS Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Apache Roller before 5.0.2 Remote Code Execution Vulnerability in Red Hat CloudForms Management Engine 5.1 Directory Traversal Vulnerability in Xymon 4.x Allows Remote File Deletion Multiple Cross-Site Scripting (XSS) Vulnerabilities in Scald Module for Drupal Local Denial of Service Vulnerability in MySecureShell 1.31 Local Information Disclosure Vulnerability in mysecureshell 1.31 Bypassing Two-Factor Authentication in Google Authenticator Login Module for Drupal Replay Attack Vulnerability in Google Authenticator Login Module for Drupal XML Entity Expansion (XEE) Attack in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier Denial of Service Vulnerability in Foreman HostController Arbitrary Web Script Injection Vulnerability in oVirt Engine and RHEV-M Arbitrary Host Access Vulnerability in Foreman API Insufficient Data Clearing in LVMVolumeDriver Allows Information Disclosure Vulnerability: Symlink Attack in Data::UUID Perl Module (CPAN v1.219) Denial of Service Vulnerability in OpenStack Compute (Nova) Access Restriction Bypass 
in Flippy Module for Drupal Denial of Service Vulnerability in Plone 2.1 through 4.3.1 Unspecified Remote Access Vulnerabilities in Plone Multiple Cross-Site Scripting (XSS) Vulnerabilities in Plone Improper Access Restriction in zip.py Allows Information Disclosure Email Spoofing Vulnerability in Plone's sendto.py Unspecified Content Edit Form Field Hiding Vulnerability in Plone Information Disclosure Vulnerability in Plone WYSIWYG Component Open Redirect Vulnerabilities in Plone 2.1 through 4.3.1 Improper Access Restriction in Plone Object Manager Implementation User Portrait Manipulation Vulnerability in Plone Bypassing Password Change Prohibition via Forgotten Password Email in Plone Denial of Service Vulnerability in Plone's cb_decode.py and linkintegrity.py Arbitrary URL Redirection and Phishing Vulnerability in Plone Remote Code Execution via system remove_deletion Command in Katello Incomplete Fix for XML Entity Expansion (XEE) Attack in OpenStack Cinder Grizzly 2013.1.3 and Earlier Arbitrary Command Execution in rgpg Gem's self.run_gpg Function Cross-Site Scripting (XSS) Vulnerabilities in JUnit Files in Google Web Toolkit (GWT) Memory Leak in Linux Kernel's unshare_userns Function PuTTY Heap-Based Buffer Underflow Vulnerability in modmul Function Buffer Overflow in PuTTY SSHbn.c Allows Remote Denial of Service Memory Leakage in rsa_verify Function in PuTTY Information Disclosure Vulnerability in ABRT 2.1.6 and earlier Denial of Service Vulnerability in org.jboss.remoting.transport.socket.ServerThread Class OpenX Ad Server 2.8.10 Code Execution Vulnerability OGNL Injection in Apache Roller ActionSupport Controller Session Hijacking Vulnerability in Red Hat JBoss EAP 6.1.0 Arbitrary File Overwrite Vulnerability in Nagios Core RSS Newsfeed Privilege Escalation via Symlink Attack in Nagios Plugins 1.4.16 World-writable permissions in wimaxd.log file in Intel WiMAX Network Service Cleartext Password Logging Vulnerability in Intel WiMAX Network Service RSA 
Private Key Reuse Vulnerability in Intel WiMAX Network Service Integer overflows in Intel WiMAX Network Service: Remote DoS and Code Execution Vulnerability Denial of Service Vulnerability in ARM64 Kernel's bad_mode Function Arbitrary Code Execution via XML Deserialization in Restlet Token Retention Vulnerability in OpenStack Identity (Keystone) World-readable permissions for /etc/nullmailer/remotes in Gentoo Nullmailer package before 1.11-r2 allow unauthorized access to SMTP authentication credentials Unrestricted Entity Write Operations Vulnerability in Drupal RESTful Web Services Module Information Disclosure Vulnerability in Authcache Module for Drupal Cross-Site Request Forgery (CSRF) Vulnerability in Mozilla Persona Module for Drupal Inadequate Access Control in Organic Groups (OG) Module for Drupal Arbitrary Script Injection in Monster Menus Drupal Module Arbitrary Submission Deletion Vulnerability in Monster Menus Module for Drupal Buffer Overflow Vulnerabilities in libtiff: Denial of Service via Crafted GIF Image and Long Filename Use-after-free vulnerability in libtiff 4.0.3 allows remote code execution via crafted TIFF image Integer Overflow and Heap-Based Buffer Overflow in libmodplug's abc_set_parts Function Heap-based Buffer Overflow Vulnerabilities in libmodplug 0.8.8.4 and Earlier Race Condition Vulnerability in Directory Tree Copying and Removal Vulnerability: Privileged Guest Users Can Cause Host Unavailability in Red Hat Enterprise Virtualization 3 and 3.2 Denial of Service and Arbitrary Code Execution Vulnerability in GNU C Library (glibc) 2.18 and Earlier Improper Handling of Null Character in SSL Certificate Subject Alternative Name Field Memory Corruption and Crash Vulnerability in libvirt's xenDaemonListDefinedDomains Function HMS Testimonials Plugin CSRF Vulnerabilities Multiple Cross-Site Scripting (XSS) Vulnerabilities in HMS Testimonials Plugin for WordPress Cache Side-Channel Attack: Private RSA Key Extraction in GnuPG Heap-based Buffer 
Overflow in readgifimage Function in libtiff Allows Remote Code Execution LZW Decompressor Denial of Service and Arbitrary Code Execution Vulnerability in libtiff Insecure Python Module Load in Orca Allows Arbitrary Code Execution Remote authenticated users with commit access can corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties in Apache Subversion 1.8.x before 1.8.2 Memory Corruption and System Crash Vulnerability in Linux Kernel's build_unc_path_to_root Function Arbitrary SSL Server Spoofing via Crafted X.509 Certificate Cross-site scripting (XSS) vulnerability in Django AdminURLFieldWidget Arbitrary PHP Code Execution through File Upload in TYPO3 6.0.x and 6.1.x Insecure Temporary Directory Creation in scipy.weave Component Insecure Default Public Key Installation in Red Hat Openshift 1 Deployment Script Privilege Escalation and Denial of Service Vulnerability in Linux Kernel on ARM Platform Denial of Service Vulnerability in Condor Policy Definition Evaluator Multiple Buffer Overflow Vulnerabilities in Network Audio System (NAS) 1.9.3 Format string vulnerability in osLogMsg function in NAS 1.9.3 Symlink Attack Vulnerability in Ansible SSH Connection Plugin Symlink Attack Vulnerability in Ansible Playbook Retry File Denial of Service Vulnerability in OpenStack Compute (Nova) with Apache Qpid RPC Backend Privilege escalation via symlink attack in svnwcsub.py Out-of-Bounds Heap Write Vulnerability in libavfilter of FFmpeg Out-of-Bounds Heap Write Vulnerability in FFmpeg's kempf_decode_tile Function NULL Pointer Dereference Vulnerability in av_reallocp_array function in FFmpeg Arbitrary Command Execution in Ajaxplorer before 5.0.1 Bypassing /proc/sys/net Restrictions in Linux Kernel Arbitrary Code Execution via ObjectRepresentation Deserialization in Restlet Sensitive Information Disclosure in BOTCHA Spam Prevention Module for Drupal Unrestricted Access to Node Comments in Entity API 
Module for Drupal (CVE-2013-7391) Arbitrary Web Script Injection in Password Policy Module for Drupal Arbitrary Web Script Injection in Zen Theme's Breadcrumb Separator Field Stack-based buffer overflows in LittleCMS: Remote Denial of Service Vulnerability Symlink Attack Vulnerability in Svnserve Insecure Enforcement of os-flavor-access:is_public Property in OpenStack Compute (Nova) API Sensitive Information Disclosure in imapsync 1.564 and Earlier RedHat VSDM 4.9.6: Insecure Temporary File Vulnerability Weak Default Permissions on /etc/openshift/server_priv.pem File in Red Hat Openshift 1 Stack-based Buffer Overflow in SPICE 0.12.0 Allows Remote DoS via Long Password Denial of Service Vulnerability in 389 Directory Server Denial of Service Vulnerability in Cumin Ajax Update Request Handling Gentoo PAM S/Key Module Vulnerability: Information Disclosure Request Smuggling Vulnerability in Apache Tomcat Denial of Service (DoS) vulnerability in Gem::Version::VERSION_PATTERN in RubyGems Race Condition Vulnerability in PolicyKit Allows Privilege Escalation Heap-based buffer overflow in OpenJPEG before 1.5.2 due to multiple integer overflows in lib/openjp3d/jp3d.c Stack-based Buffer Overflow in OpenJPEG before 1.5.2 Privilege Escalation via virSecurityManagerSetProcessLabel in libvirt Denial of Service Vulnerability in libvirt 1.1.0 and 1.1.1 Plaintext Password Logging Vulnerability in Red Hat JBoss Operations Network (JON) 3.1.2 PKI Token Revocation Bypass Vulnerability in OpenStack Identity (Keystone) Apache Shindig 2.5.0 PHP Gadget Renderer XML External Entity (XXE) Information Disclosure Vulnerability Uninitialized Pointer Dereference Vulnerability in libvirt Uninitialized Pointer Dereference Vulnerability in libvirt's virFileNBDDeviceAssociate Function Memory Corruption and Application Crash Vulnerability in ImageMagick's ReadGIFImage Function Interpretation Conflict Vulnerability in Linux Kernel's dm-snap-persistent.c Privilege Escalation via PID Spoofing in Linux 
Kernel Information Disclosure Vulnerability in MediaWiki ResourceLoaderContext.php CSRF Token Disclosure Vulnerability in MediaWiki API Cross-Site Scripting (XSS) vulnerability in MediaWiki API in versions 1.19.x, 1.20.x, and 1.21.x Authentication Bypass Vulnerability in CentralAuth Extension Arbitrary Web Script Injection via PATH_INFO in SyntaxHighlight GeSHi Extension for MediaWiki CSRF Vulnerability in MediaWiki CheckUser Extension Allows Remote User Hijacking Cross-Site Scripting (XSS) Vulnerabilities in Wikibase Extension for MediaWiki Arbitrary Web Script Injection in LiquidThreads Extension for MediaWiki Apache Struts 2 Remote Access Control Bypass Vulnerability Race condition in libvirt allows local users to bypass access restrictions via PolkitUnixProcess PolkitSubject race condition in pkcheck Linux Kernel Denial of Service Vulnerability via UNIX Socket SQL Injection Vulnerability in Moodle X509Extension in pyOpenSSL before 0.13.1 allows SSL server spoofing via crafted certificate Directory Traversal Vulnerability in Django Apache Struts 2 Dynamic Method Invocation Vulnerability Information Leakage Vulnerability in Apache CloudStack API File Injection Vulnerability in Ruby Gem Features 0.3.0: Remote HTML Injection in /tmp Directory Unprivileged Port Access Vulnerability in TORQUE Resource Manager Arbitrary File Creation and Read Vulnerability in TYPO3 File Abstraction Layer (FAL) Arbitrary PHP Code Execution in TYPO3 File Abstraction Layer (FAL) Apache Tomcat Denial of Service Vulnerability Insecure Polkit Authority Invocation in spice-gtk 0.14 and Other Versions PolkitUnixProcess PolkitSubject Race Condition Vulnerability in HPLIP Race condition in RealtimeKit (aka rtkit) 0.5 allows local users to bypass access restrictions via PolkitUnixProcess PolkitSubject Race condition in systemd allows local users to bypass access restrictions via a PolkitUnixProcess PolkitSubject vulnerability Privilege Escalation and Denial of Service Vulnerability in Xen's 
libxl Library Arbitrary Code Execution via CamelFileName Message Header in Apache Camel Insecure Permissions in LightDM's Temporary .Xauthority File Integer Overflow Vulnerabilities in glibc's Memory Allocation Functions External Entity Injection Vulnerability in OpenPNE 3 opWebAPIPlugin: XML External Entity (XXE) Vulnerabilities Multiple XML External Entity Injection Vulnerabilities in opOpenSocialPlugin Arbitrary Code Execution via PHP Unserialize in WordPress Unvalidated URL Redirection Vulnerability in WordPress Authenticated User Post Authorship Spoofing Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Moodle RSS Feed Parsing Privilege Escalation via xinetd TCPMUX Services Linux Kernel Use-After-Free Privilege Escalation Vulnerability Buffer Overflow in QEMU SCSI Implementation Allows Privilege Escalation via REPORT LUNS Command Improper Management of Consumed Data in Linux Kernel's get_prng_bytes Function Replay Attack Vulnerability in SimpleGeo python-oauth2 Weak Random Number Generation in SimpleGeo python-oauth2 Denial of Service Vulnerability in skb_flow_dissect Function IPv6 SCTP Implementation Vulnerability in Linux Kernel Vulnerability: Key Flags Subpacket Bypass in GnuPG Apache HTTP Server 2.4.6 mod_cache Denial of Service Vulnerability NULL Pointer Dereference Vulnerability in OpenSSL 1.0.1 before 1.0.1f Arbitrary Tenant Injection Vulnerability in OpenStack Glance API Vulnerability: Local HVM Guests Exploit Xen Hypervisor Stack Memory Denial of Service Vulnerability in Xen 4.3.x Live Migration with Large RAM Hosts Denial of Service Vulnerability in eglibc Package's getaddrinfo() Function Denial of Service Vulnerability in FFmpeg's H.264 Decoder Integer Overflow Vulnerability in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 Incorrect Variable Usage in Xen fbld Instruction Emulation Allows Hypervisor Stack Information Leakage Privilege Escalation in WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 Algorithmic Complexity Denial of Service 
Vulnerability in RubyGems Symlink Attack Vulnerability in oo-analytics-export and oo-analytics-import in Red Hat OpenShift Enterprise Heap-based Buffer Overflow in mod_fcgid module for Apache HTTP Server Null X509HostnameVerifier in Apache HttpClient 4.3.x before 4.3.1 allows for unspecified impact via hostname verification vectors World-Writable File Vulnerability in oVirt-Engine 3.2 Uninitialized Variable in Xen Hypervisor Allows Information Disclosure Denial of Service Vulnerability in libxlu Library Use-after-free and Double Free Vulnerability in Xen OCaml Binding Use-after-free vulnerability in libxl_list_cpupool function in Xen Cross-Site Scripting (XSS) Vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse and JBoss A-MQ Arbitrary File Upload Vulnerability in JBoss Operations Network (JON) 3.1.2 Insecure Temporary File Vulnerability in RHQ Mongo DB Drift Server Denial of Service Vulnerability in qdisk PV Disk Backend in Xen and QEMU Arbitrary Code Execution Vulnerability in libx2go-server-db-sqlite3-wrapper.c Vulnerability: Use-after-free in virtio-pci implementation in Qemu Arbitrary Web Script Injection via X-Forwarded-For Header in JavaMelody Bypassing Access Restrictions in Make Meeting Scheduler Module for Drupal Arbitrary Script Injection Vulnerability in MediaFront Module for Drupal Arbitrary Script Injection Vulnerability in jQuery Countdown Module for Drupal Arbitrary Script Injection in Google Site Search Module for Drupal Buffer Overflow in read-string! 
Procedure in CHICKEN Stable and Development Snapshots SQL Injection Vulnerabilities in Foreman 1.2.3: Remote Code Execution via fqdn and hostgroup Parameters Memory Corruption and System Crash Vulnerability in Linux Kernel Buffer Overflow Vulnerability in VLC Media Player's mp4a Packetizer Denial of Service Vulnerability in Action Mailer Log Subscriber in Ruby on Rails 3.x before 3.2.15 Open Redirect Vulnerability in AbstractAuthenticationFormServlet in Apache Sling Auth Core Bundle Integer Overflow and Heap-Based Buffer Overflow in systemd's valid_user_field Function Local Privilege Escalation via Symlink Attack in systemd File Permissions Update Denial of Service Vulnerability in journald of systemd Privilege Escalation via SetX11Keyboard Function in systemd Cross-Site Scripting (XSS) Vulnerability in Simple Machines Forum (SMF) 2.0.5 X.Org X11 doImageText Use-After-Free Vulnerability Integer overflows in th_read function in libtar before 1.2.20 leading to heap-based buffer overflow Use-after-free vulnerability in libvirt remote client Arbitrary File Overwrite Vulnerability in libvirt's virt-login-shell Improper Permission Check in virConnectDomainXMLToNative API Function Denial of Service Vulnerability in GnuPG's Compressed Packet Parser Role Bypass Vulnerability in Cumin in Red Hat Enterprise MRG Grid 2.4 Cross-Site Request Forgery (CSRF) Vulnerabilities in Red Hat Enterprise MRG Grid 2.4's Cumin Web Interface Quick Tabs Module Information Disclosure Vulnerability Arbitrary File Upload Vulnerability in HTTP::Body::Multipart Perl Module Heap-based Buffer Overflow in Samba's dcerpc_read_ncacn_packet_done Function Eval() Vulnerability in Djblets 0.7.21 and Review Board before 1.7.15 Access-Control Problem in ReviewBoard REST API Unauthorized Access to Review Lists via URL Processing in Review Board Vulnerability: NULL Pointer Dereference in slim's crypt() Method (glibc 2.17) Directory Traversal Vulnerability in Wicked Gem Allows Arbitrary File Read Cross-site 
scripting (XSS) vulnerability in cumin web interface in Red Hat Enterprise MRG Grid 2.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Spacewalk and RHN Satellite 5.6 Denial of Service Vulnerability in Ocaml Xenstored Implementation Insecure Temporary Socket File Creation in libguestfs Directory Traversal Vulnerabilities in libtar 1.2.20 and Earlier Denial of Service Vulnerability in Dropbear SSH Server's buf_decompress Function Quassel IRC SQL Injection Vulnerability CloudForms Vulnerability: Storing User Passwords in Recoverable Format Multiple Cross-Site Scripting (XSS) Vulnerabilities in Red Hat JBoss Portal 6.1.0 Hardcoded Password Vulnerability in OsiriX DICOM Listener Incorrect Variable Name in Pyxtrlock Allows Bypass of Lock Screen via Failed Authentication Attempts Unauthenticated Access to Keyboard and Mouse via XCB Library Functions in pyxtrlock OpenStack Glance Image Registry and Delivery Service Unauthorized Image Access Vulnerability Arbitrary Artefact Access Vulnerability in Mahara Arbitrary web script injection vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 via Host header in lib/web.php Arbitrary Block Modification Vulnerability in Mahara Improper Access Restriction in Mahara Versions 1.5.13, 1.6.x, and 1.7.x XHProf 0.9.4 Cross-Site Scripting (XSS) Vulnerability Timing-based User Enumeration in Dropbear SSH Server Remote Code Execution via Routine Embedding in SaltStack 0.15.0 - 0.17.0 Unvalidated SSH Host Key in Salt (aka SaltStack) 0.17.0 Allows MITM Attack Insecure Usage of /tmp in salt-ssh in SaltStack 0.17.0 Arbitrary YAML Code Execution in SaltStack (CVE-2020-11651) Arbitrary Minion Impersonation Vulnerability in SaltStack Weak Non-TTY Password Generation Vulnerability in Pwgen 2.07 Predictable Password Generation Vulnerability in Pwgen 2.06's Phonemes Mode Weak Pseudo Number Generation in Password Generator (Pwgen) Increases Guessability Arbitrary Code Execution via Unrestricted File Upload in 
Apache Tomcat 7.x Access Token Guessing Vulnerability in Context Module for Drupal Arbitrary PHP Code Execution Vulnerability in Context Module for Drupal Arbitrary Web Script Injection via Email Address in Simplenews Module for Drupal Denial of Service Vulnerability in OpenLDAP's rwm Overlay Denial of Service Vulnerability in Node.js HTTP Server World-writable permissions vulnerability in Gitolite 3.5.3 and earlier versions World-readable permissions in Red Hat JBoss Operations Network 3.1.2 configuration files allow unauthorized access to sensitive information Arbitrary Code Injection via Language Parameter in LDAP Account Manager (LAM) 4.3 and 4.2.1 Multiple Security Bypass Vulnerabilities in WordPress Portable phpMyAdmin Plugin 1.4.1 World-readable permissions for private key file in Katello Installer Arbitrary Command Execution Vulnerability in Cocaine Gem (Ruby) Stack-based Buffer Overflow in getaddrinfo Function in GNU C Library (glibc) 2.18 and Earlier Guest Account Bypass Vulnerability in LightDM Arbitrary Code Injection through Project Name in MantisBT 1.0.0 - 1.2.15 SQL Injection Vulnerability in Cumin Web Interface in Red Hat Enterprise MRG Grid 2.4 Authentication Bypass Vulnerability in WordPress Portable phpMyAdmin Plugin Incomplete Fix for Virtual Size Verification in OpenStack Compute (Nova) Allows Denial of Service Arbitrary Code Execution via Unrestricted File Upload in Simple Machines Forum Buffer Overflow Vulnerability in GnuTLS DANE Library Allows Remote Denial of Service Multiple SQL Injection Vulnerabilities in VICIDIAL Dialer Agent Interface Arbitrary Command Execution in VICIDIAL Dialer Incomplete Fix for Denial of Service Vulnerability in OpenStack Compute (Nova) Memory Corruption and Privilege Escalation Vulnerability in Linux Kernel with UDP Fragmentation Offload (UFO) Insecure Password Change in OpenStack Horizon API Symlink Attack Vulnerability in Xpdf and Poppler Stack-based Buffer Overflow in extractPages function in poppler Format 
String Vulnerability in extractPages Function in Poppler ACL Bypass Vulnerability in Samba World-readable permissions for private key in Samba 4.0.x and 4.1.x Role Escalation Vulnerability in OpenStack Identity (Keystone) Grizzly and Havana Arbitrary Command Execution via Email Attachment Filename in Sup Arbitrary Command Execution via Email Attachment Content Type in Sup Remote Account Creation Vulnerability in Red Hat Satellite 5.6 and Earlier Race condition vulnerability in Luci 0.26.0 allows unauthorized access to sensitive information Untrusted Search Path Vulnerability in Python-Paste-Script (Paster) in Luci 0.26.0 Denial of Service Vulnerability in Linux Kernel's ipc_rcu_putref Function Denial of Service Vulnerability in Varnish before 3.0.5 Denial of Service Vulnerability in 389 Directory Server 1.2.11.15 Remote Code Execution (RCE) Vulnerability in Zanata 3.0.0 - 3.1.2: Exploiting EL Interpolation in Logging Memory Corruption Vulnerability in DANE Library in GnuTLS Unverified X.509 Certificates in libgadu before 1.12.0 Allows Server Spoofing Arbitrary Command Execution Vulnerability in Grit Gem for GitLab Arbitrary Command Execution via SSH Key Upload in GitLab Cross-site scripting (XSS) vulnerability in Ruby on Rails internationalization component Arbitrary Script Injection Vulnerability in i18n Gem Denial of Service Vulnerability in Xen Arbitrary Command Execution via Email in TORQUE Resource Manager Samba Vulnerability: Password-Guessing Protection Bypass Security Group Bypass Vulnerability in OpenStack Compute (Nova) Insecure Content Deletion in Spaces OG Submodule for Drupal Arbitrary Script Injection in Bean Module for Drupal Arbitrary Result Deletion Vulnerability in Drupal Quiz Module Sensitive Quiz Results Disclosure Vulnerability FileField Sources Module File Permission Vulnerability Arbitrary Code Injection via Feed Element Mapper Module in Drupal Arbitrary Node Comment Reading Vulnerability in Monster Menus Module Bypassing Access Restrictions 
and Denial of Service Vulnerability in mod_dontdothat for Apache Subversion Arbitrary Web Script Injection Vulnerability in CollectiveAccess Providence and Pawtucket Weak SSL Ciphers in lighttpd before 1.4.34 with SNI Enabled Insecure Password Display on IBUS 1.5.4 and Earlier Versions Directory Traversal Vulnerability in Tryton Client 3.0.0 Integer overflows in Alchemy LCD frame-buffer drivers allow local privilege escalation Buffer Overflow in exitcode_proc_write Function in Linux Kernel Buffer Overflow in oz_cdev_write Function in Linux Kernel Buffer overflow vulnerability in Linux kernel drivers/staging/wlags49_h2/wl_priv.c Uninitialized Data Structure Vulnerability in Linux Kernel's bcm_char_ioctl Function Uninitialized Data Structure Vulnerability in Linux Kernel's mp_get_count Function Denial of Service Vulnerability in Apache Santuario XML Security for Java World Readable PKI Entitlement Certificates in RHUI 2.1.3 Cross-Site Scripting (XSS) Vulnerabilities in Review Board 1.6.x and 1.7.x Incomplete Fix for DTD Embedding Vulnerability in libxslt Arbitrary Code Execution via Unrestricted Deserialization in RichFaces Implementation Information Disclosure Vulnerability in Moodle Cross-site scripting (XSS) vulnerability in Moodle message/lib.php Moodle Directory Traversal Vulnerability Cross-site scripting (XSS) vulnerability in Moodle's quiz response table Buffer Overflow Vulnerability in QEMU's hw/ide/ahci.c Allows Remote Code Execution Buffer Overflow in QEMU's hpet.c Allows Remote Code Execution Buffer Overflow in QEMU's PCIe AER Handling Buffer Overflow Vulnerability in QEMU's hw/ssi/pl022.c Buffer Overflow Vulnerability in QEMU's target-arm/machine.c Buffer Overrun Vulnerability in QEMU 1.1.2+dfsg to 2.1+dfsg Allows Arbitrary Code Execution Buffer Overflow in pxa2xx_ssp_load Function in QEMU Buffer Overflow in QEMU's openpic.c Allows for Remote Code Execution Arbitrary File Execution Vulnerability in QEMU's virtqueue_map_sg Function Savevm Data Alteration 
Vulnerability Arbitrary Code Execution Vulnerability in QEMU's ssi_sd_transfer Function Multiple Buffer Overflows in QEMU's ssd0323_load Function Buffer Overflow Vulnerabilities in QEMU's tsc210x_load Function Buffer Overflow in QEMU's scoop_gpio_handler_update Function Arbitrary Code Execution Vulnerability in QEMU's usb_device_post_load Function Out-of-Bounds Array Access in virtio_scsi_load_request Function in QEMU Denial of Service and Arbitrary Code Execution Vulnerability in QEMU 2.0.0-rc0, 1.7.1, and Earlier Vulnerability: SSL Server Spoofing in cURL and libcurl Arbitrary Command Execution via GitLab Repository Import URL Remote Code Execution Vulnerability in Nginx Versions 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 Memory Initialization Vulnerability in OpenSSH 6.2 and 6.3 XML Entity Expansion (XEE) Attack in QXmlSimpleReader in Qt before 5.2 Unexpected File Descriptor Vulnerability in Bip before 0.8.9 Denial of Service Vulnerability in Xen 4.2.x and 4.3.x Arbitrary User Authentication Vulnerability in Drupalauth Module Vulnerability: XEN_DOMCTL_getmemlist Hypercall Denial of Service Privilege Escalation via Hypercall Access in Xen CSRF Vulnerability in SPIP Logout Functionality Cross-site scripting (XSS) vulnerability in SPIP author page (prive/formulaires/editer_auteur.php) Arbitrary PHP Execution Vulnerability in SPIP Security Screen Denial of Service Vulnerability in mod_dav_svn Apache HTTPD Server Module Privilege Escalation in lighttpd before 1.4.33 Use-after-free vulnerability in lighttpd before 1.4.33 leading to denial of service Cron Job Vulnerability: Mishandling of Temporary File in OpenShift Node's MCollective Facts Update CSRF Vulnerability in omniauth-facebook Gem 1.4.1 IPv6 UDP Fragmentation Offload (UFO) Vulnerability Denial of Service Vulnerability in Libreswan 3.6 via Small Length Value and Invalid Major Number in IKE Packet Heap-based Buffer Overflow in __OLEdecode Function in ppthtml 0.5.1 and Earlier: Remote Code Execution 
Vulnerability Bypassing Access Restrictions in mod_nss 1.0.8 and Earlier Cross-Site Scripting (XSS) Vulnerability in MediaWiki Sanitizer::checkCss Incomplete Blacklist Vulnerability in MediaWiki Sanitizer::checkCss Allows for Cross-Site Scripting (XSS) Attacks Information Disclosure Vulnerability in CleanChanges Extension for MediaWiki NULL pointer dereference vulnerability in zend_inline_hash_func function in php-luasandbox in Scribunto extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 Buffer Overflow Vulnerability in php-luasandbox in Scribunto Extension for MediaWiki Session Cookie Cache Vulnerability in CentralNotice Extension Arbitrary Web Script Injection Vulnerability in ZeroRatedMobileAccess Extension for MediaWiki TimedMediaHandler Extension XSS Vulnerability Heap-based Buffer Overflow in Symantec Backup Exec 2010 R3 and 2012 Acoustic Side-Channel Attack on GnuPG RSA Key Generation World-readable permissions for grub.cfg in Debian GNU GRUB Patch Allow Local Users to Obtain Password Hashes Code-Signing Protection Bypass Vulnerability in Jarsigner Vulnerability: MAC Address Spoofing via BSSID Masking in ath9k_htc_set_bssid_mask Function User Impersonation and Authentication Bypass in GitLab Arbitrary Code Execution Vulnerability in GitLab Arbitrary File Inclusion Vulnerability in GitLab Arbitrary Repository Cloning Privilege Escalation in GitLab Weak Security Vulnerability in Perdition 2.2: Failure to Apply ssl_outgoing_ciphers to STARTTLS Connections Array Index Error in KVM Subsystem Allows Privilege Escalation via Large ID Value Stack-based buffer overflows in Linux kernel's ip_vs_ctl.c allow local privilege escalation Denial of Service Vulnerability in GraphicsMagick's ExportAlphaQuantumType Function XML External Entity (XXE) Vulnerability in Apache Tomcat Buffer Overflow in Linux Kernel NFSv4 ACL Handling Memory Leak in __kvm_set_memory_region Function in Linux Kernel Access Token Security Vulnerability in RubyGem 
omniauth-facebook Unrestricted Access Vulnerability in Payment for Webform Module for Drupal Insecure URL Matching in Secure Pages Module for Drupal Node Access Keys Module Access Bypass Vulnerability Unauthenticated Access to Unpublished Content in Drupal Revisioning Module Unauthenticated Access to Configuration Pages in Drupal GCC Module Denial of Service Vulnerability in Misery Module for Drupal Multiple Cross-Site Scripting (XSS) Vulnerabilities in Alkacon OpenCms before 8.5.2 Infinite Loop Denial of Service Vulnerability in Avira AntiVir Engine Arbitrary User Record Manipulation Vulnerability in Fortinet FortiOS Arbitrary Script Injection Vulnerability in REDCap Graphical Data View & Descriptive Stats Page Undocumented Syntax Bypass Vulnerability in REDCap Unspecified Remote Attack Vulnerability in REDCap Data Search Utility Unspecified Remote Code Execution Vulnerabilities in REDCap Multiple Cross-Site Scripting (XSS) Vulnerabilities in REDCap before 5.1.0 Unauthenticated Remote Configuration Modification on Canon Printers Clear-text Wi-Fi PSK Passphrase Disclosure on Canon Printers Denial of Service Vulnerability in Canon Printers Insufficient Passphrase Selection in WifiPasswordController in Apple iOS 6 and Earlier Missing HTTPOnly Flag in Jahia xCM Set-Cookie Header for JSESSIONID Cookie Multiple SQL Injection Vulnerabilities in OpenEMR 4.1.1 Arbitrary Web Script Injection in OpenEMR 4.1.1 Multiple Access Bypass Vulnerabilities in Magnolia CMS before 4.5.9 Default WPA2 PSK Passphrase Vulnerability on HTC Droid Incredible's 3G Mobile Hotspot Denial of Service via Infinite Loop in PolarSSL x509parse_crt Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in Jahia xCM 6.6.1.0 before Hotfix 7 Arbitrary Code Injection via Duplicator Plugin in WordPress Arbitrary Script Injection in BackWPup Plugin for WordPress Denial of Service Vulnerability in bitcoind and Bitcoin-Qt 0.8.x via Large Amount of tx Message Data Vulnerability: Information Leakage in 
Huawei Campus Switch Firewall Module Session Hijacking Vulnerability in Huawei Video Conference System Huawei AR Routers SNMPv3 Debugging Stack-based Buffer Overflow Vulnerability Denial of Service Vulnerability in Huawei AR Routers with SNMPv3 Denial of Service Vulnerability in Huawei Access Router (AR) Privilege Escalation Vulnerability in Huawei Seco VSM SQL Injection Vulnerability in jQuery Autocomplete Extension for TYPO3 Integer Overflow in jdtojewish Function in PHP Calendar Component Denial of Service Vulnerability in PHP Fileinfo Component Arbitrary Web Script Injection in DotNetNuke (DNN) Versions Before 6.2.9 and 7.x Before 7.1.1 Privilege Escalation via __system Username in MongoDB Hardcoded X.509 Certificate Vulnerability in Siemens Scalance W7xx Devices Authentication Bypass and Remote Code Execution Vulnerability in Siemens Scalance W7xx Devices Multiple Cross-Site Scripting (XSS) Vulnerabilities in Alcatel-Lucent MyTeamwork Services Symlink Traversal Vulnerability in TP-LINK TL-WDR4300 and TL-1043ND Routers Symlink Traversal Vulnerability in Belkin N900 SMB Service Symlink Traversal Vulnerability in ASUS RT-AC66U and RT-N56U: Exploiting Misconfigured SMB Service Symlink Traversal Vulnerability in NETGEAR WNR3500U and WNR3500L: Misconfigured SMB Service SMB Symlink Traversal Vulnerability in Linksys EA6500 Buffer Overflow Vulnerability in Broadcom ACSD Allows Remote Code Execution Remote Code Execution Vulnerability in JS-YAML Module for Node.js Role-based Access Control Bypass in CiviCRM Custom Searches SQL Injection Vulnerability in CiviCRM Quick Search API Arbitrary Command Execution in Redmine Git Hosting Plugin Cross-Site Scripting (XSS) Vulnerability in SPBAS Business Automation Software 2012 CSRF Vulnerability in SPBAS Business Automation Software 2012 Arbitrary File Creation Vulnerability in File Roller SSL Session Proceeds with Invalid Certificate Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Symantec Web Gateway 
Appliance CSRF Vulnerability in Symantec Web Gateway Appliance Incorrect Sudoers File Vulnerability in Symantec Web Gateway Appliance Arbitrary Code Execution via RADIUS Authentication in Symantec Web Gateway Arbitrary Web Script Injection via Encrypted Email Attachment in Symantec Encryption Management Server Multiple Cross-Site Scripting (XSS) Vulnerabilities in Symantec Backup Exec 2010 R3 and 2012 Weak Permissions on Symantec Backup Exec 2010 R3 and 2012 Backup Data Files Information Disclosure Vulnerability in Symantec Backup Exec 2010 R3 and 2012 Privilege Escalation Vulnerability in Symantec Workspace Virtualization Open Redirect Vulnerability in Maag Form Captcha Extension for TYPO3 Arbitrary SQL Command Execution in sofortueberweisung2commerce Extension Arbitrary SQL Command Execution in Multishop Extension for TYPO3 Arbitrary SQL Command Execution in TYPO3 meta_feedit Extension 0.1.10 and Earlier Denial of Service Vulnerability in Juniper Junos PIM Daemon Buffer Overflow Vulnerability in Juniper Junos SRX Devices with Captive Portal Enabled Denial of Service Vulnerability in Juniper Junos VLAN Configurations Denial of Service Vulnerability in Juniper Junos ALGs Denial of Service Vulnerability in Juniper Junos 10.4 with MSRPC ALG Enabled (PR 772834) CSRF Protection Bypass in Juniper Junos J-Web Memory Initialization Vulnerability in Juniper Junos XSS Vulnerability in Sencha Labs Connect's connect.methodOverride() XSS Vulnerability in Xorbin Analog Flash Clock 1.0 Extension for Joomla XSS Vulnerability in WordPress Xorbin Digital Flash Clock 1.0 Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote code execution via a long Skin directory name Winamp 5.63: Arbitrary Code Execution via Invalid Pointer Dereference Unspecified Privilege Escalation Vulnerabilities in Hitachi IT Management Software Opportunistic Information Disclosure in Cybozu Mailwise 5.0.4 and 5.0.5 Unverified SSL Certificates in Yahoo! Japan Yafuoku! 
App for iOS and Android Unverified SSL Certificates in Yahoo! Japan Shopping Android App Allow Man-in-the-Middle Attacks XML External Entity (XXE) Vulnerability in PHP OpenID Library 2.2.2 and Earlier Multiple Directory Traversal Vulnerabilities in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cybozu Office before 9.3.1 ChamaNet ChamaCargo 7.0000 XSS Vulnerability Opera before 15.00 UTF-8 Encoding Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in D-Link Japan DWL-2100AP SSH Implementation Denial of Service Vulnerability in D-Link Japan DES-3810 SSH Implementation Predictable Random Number Generation in PPP Access Concentrator (PPPAC) Allows Remote Bypass of RADIUS Authentication Remote Code Execution Vulnerability in SEIL/x86, SEIL/X1, SEIL/X2, SEIL/B1, SEIL/Turbo, and SEIL/neu 2FE Plus Routers Arbitrary Code Execution and Denial of Service Vulnerability in Android WebView Class Accela BizSearch 3.2 XSS Vulnerability Session Management Vulnerability in I-O DATA DEVICE HDL-A and HDL2-A Devices Arbitrary Web Script Injection in I-O DATA DEVICE RockDisk Firmware Arbitrary Web Script Injection Vulnerability in Tiki Wiki CMS Groupware Arbitrary SQL Command Execution in Tiki Wiki CMS Groupware Arbitrary Web Script Injection Vulnerability in Tattyan HP TOWN 5_9_3 and Earlier SQL Injection Vulnerabilities in OTRS Help Desk 3.0.x, 3.1.x, and 3.2.x Arbitrary Web Script Injection Vulnerability in OTRS ITSM Arbitrary SQL Command Execution Vulnerability in SEO Pack for tt_news Extension Arbitrary SQL Command Execution in WEC Discussion Forum Extension for TYPO3 Arbitrary SQL Command Execution in TYPO3 RSS Feed Extension Multiple Cross-Site Scripting (XSS) Vulnerabilities in DDSN Interactive cm3 Acora CMS Open Redirect Vulnerability in DDSN Interactive cm3 Acora CMS Missing HTTPOnly Flag in Set-Cookie Header in DDSN Interactive cm3 Acora CMS Insecure Cookie Transmission in DDSN Interactive 
cm3 Acora CMS CSRF Vulnerability in DDSN Interactive cm3 Acora CMS Sensitive Information Disclosure in DDSN Interactive cm3 Acora CMS Information Disclosure Vulnerability in DDSN Interactive cm3 Acora CMS Arbitrary Configuration Modification Vulnerability in phpMyAdmin 4.x before 4.0.4.1 Remote Code Execution Vulnerability in PCMan's FTP Server 2.0.7 via Buffer Overflow in USER Command Arbitrary Command Execution in Choice Wireless Green Packet WIXFMR-111 4G WiMax Modem Predictable Session ID Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices Information Disclosure Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices Predictable Password Generation Vulnerability in DASDEC and One-Net EAS Devices Default Password Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices Multiple Integer Overflows in MSM Camera Driver for Linux Kernel Vulnerability: Bypassing Access Restrictions in CONFIG_STRICT_MEMORY_RWX Implementation Stack-based buffer overflows in MSM camera driver for Linux kernel 3.x allow privilege escalation Vulnerability in MSM Camera Driver for Linux Kernel 3.x Allows Information Disclosure Memory Corruption Vulnerability in Goodix gt915 Touchscreen Driver for Linux Kernel 3.x Buffer Overflow Vulnerability in NetWin SurgeFTP Local Overflow Vulnerability in Static HTTP Server 1.0 Arbitrary Web Script Injection Vulnerability in PHPUnit Extension for TYPO3 Arbitrary SQL Command Execution in My Quiz and Poll Extension for TYPO3 Arbitrary Code Injection through XSS in My Quiz and Poll Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 Accessible Browse Results Extension Arbitrary SQL Command Execution in TYPO3 News System Extension Arbitrary Web Script Injection in TYPO3 UserTask Center Messaging Extension Loss of Information Vulnerability in php-symfony2-Validator during Serialization Host Header Manipulation Vulnerability in Symfony 
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Claroline 1.11.9 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Owl Intranet Knowledgebase 1.10 Double Free Vulnerability in ElasticSearch Plugin in rsyslog Cross-Site Scripting (XSS) Vulnerabilities in Magnolia Form Module for Magnolia CMS Arbitrary Ruby Program Execution Vulnerability in Puppet Session Hijacking Vulnerability in Puppet Enterprise before 3.0.1 Unprotected Component in Samsung Galaxy S3/S4 Allows Unauthorized SMS Text Messages Unprotected Component in Samsung Galaxy S3/S4 Allows Unauthorized SMS Texting Unspecified Log File Reading Vulnerability in Eucalyptus Gather Log Service Unspecified Vulnerability in Eucalyptus 3.3.2 and Earlier Denial of Service Vulnerability in Eucalyptus Web Services APIs Denial of Service Vulnerability in Eucalyptus Cloud Controller (CLC) Component Arbitrary Web Script Injection in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 Authentication Bypass Vulnerability in D-Link DIR-505L and DIR-826L Routers Remote Information Disclosure Vulnerability in NETGEAR ProSafe Switches Denial of Service Vulnerability in NETGEAR ProSafe Switches Local Privilege Escalation via /dev/socket/init_runit on Motorola Defy XT with Android 2.3.7 Information Disclosure Vulnerability in Siemens Enterprise OpenScape Branch Appliance and OpenScape Session Border Controller Arbitrary Web Script Injection Vulnerability in Siemens Enterprise OpenScape Branch Appliance and OpenScape Session Border Controller Arbitrary File Read Vulnerability in Siemens Enterprise OpenScape Branch Appliance and OpenScape Session Border Controller Arbitrary Command Execution Vulnerability in Siemens Enterprise OpenScape Branch Appliance and OpenScape Session Border Controller BMC Authentication Bypass Vulnerability in Supermicro Implementation Dell iDRAC Vulnerability: Authentication Bypass and Arbitrary IPMI Command Execution Bypassing Authentication and Executing Arbitrary IPMI Commands in HP 
Integrated Lights-Out (iLO) BMC Implementation Remote Code Execution Vulnerability in Dell iDRAC6 Web Interface IPMI 2.0 Vulnerability: Remote Password Hash Retrieval and Offline Guessing Master Key Vulnerability: Arbitrary Code Execution in Android 1.6 Donut through 4.2 Jelly Bean Uninitialized Pointer Guard Vulnerability in glibc SQL Injection Vulnerability in Cotonti RSS Module Predictable IMAP Server Hostname Vulnerability in Open-Xchange AppSuite Persistent XSS Vulnerability in PrestaShop before 1.4.11 Logout CSRF Vulnerability in PrestaShop before 1.4.11 Unauthenticated Remote Code Execution in Umbraco CMS TemplateService Cross-site scripting (XSS) vulnerability in Submitters list in Review Board 1.6.x and 1.7.x before 1.7.12 Code Execution Vulnerability in ReviewBoard 1.6.17 via PHP Script Attachment Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1690) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1705) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1734) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1735) Unspecified Remote Code Execution Vulnerability in HP LoadRunner (ZDI-CAN-1736) HP Application Lifecycle Management (ALM) Quality Center before 11.51 XSS Vulnerability (ZDI-CAN-1565) Unspecified Remote Code Execution and Information Disclosure Vulnerability in HP Business Process Monitor Authentication Bypass Vulnerability in HP Integrated Lights-Out (iLO) Firmware Vulnerability: Duplicate Link State ID Values in OSPF Implementation on HP Routers and Switches Unspecified Remote Data Modification Vulnerability in HP LaserJet Pro Printers Unspecified Remote Privilege Escalation Vulnerability in HP Service Manager and Service Center SQL Injection Vulnerabilities in HP ProCurve Manager (PCM) and Identity Driven Manager (IDM) Remote Code Execution in HP ProCurve Manager (PCM) and Identity Driven Manager (IDM) via EJBInvokerServlet and JMXInvokerServlet 
(ZDI-CAN-1760) Arbitrary Code Execution via Unvalidated adCert Argument in HP ProCurve Manager (PCM) and Identity Driven Manager (IDM) Arbitrary Code Execution via Unvalidated File Upload in HP ProCurve Manager (PCM) and Identity Driven Manager (IDM) Remote Command Execution Vulnerability in HP ProCurve Manager (PCM) and Identity Driven Manager (IDM) Arbitrary Web Script Injection Vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 HP ArcSight Enterprise Security Manager (ESM) before 5.5 - Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Information Disclosure Vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 Unspecified Remote Information Disclosure Vulnerability in HP IceWall SSO and IceWall File Manager Unspecified Information Disclosure Vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 Unspecified Information Disclosure Vulnerability in HP IceWall SSO and Related Components Unspecified Denial of Service Vulnerability in HP System Management Homepage (SMH) Remote Code Execution Vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (BIMS) (ZDI-CAN-1606) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (BIMS) (ZDI-CAN-1607) Authentication Bypass Vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module (ZDI-CAN-1644) Bypassing Access Restrictions in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module (ZDI-CAN-1645) Unspecified Remote Information Disclosure Vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module (ZDI-CAN-1647) HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module SQL Injection Vulnerability (ZDI-CAN-1664) 
Unencrypted PDF Vulnerability in HP LaserJet and ScanJet Devices Arbitrary Scanned Document Image Leakage Vulnerability in HP LaserJet and ScanJet Devices Arbitrary Code Execution Vulnerability in HP Service Manager 9.30-9.32 Privilege Management Vulnerability in HP Service Manager 9.30-9.32 Unspecified Information Disclosure Vulnerability in HP Service Manager 9.30-9.32 HP Service Manager 9.30-9.32 Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Code Execution Vulnerability in HP Application LifeCycle Management (ALM) Authentication Bypass and Arbitrary Code Execution in HP SiteScope 10.1x and 11.x (ZDI-CAN-1765) Arbitrary Code Execution Vulnerability in HP ALM GossipService SOAP Request Implementation (ZDI-CAN-1759) Unspecified Remote Code Execution Vulnerability in HP LoadRunner Virtual User Generator (ZDI-CAN-1832) Unspecified Remote Code Execution Vulnerability in HP LoadRunner Virtual User Generator (ZDI-CAN-1850) Unspecified Remote Code Execution Vulnerability in HP LoadRunner Unspecified Denial of Service Vulnerability in HP and H3C VPN Firewall Module Products Remote Code Execution Vulnerability in dbd_manager in HP StoreVirtual 4000 and StoreVirtual VSA Software (ZDI-CAN-1509) Arbitrary Web Script Injection Vulnerability in HP Integrated Lights-Out 4 (iLO4) Firmware Unspecified Information Disclosure Vulnerability in HP Integrated Lights-Out 4 (iLO4) Firmware Unspecified Remote Code Execution Vulnerability in HP Service Manager and ServiceCenter HP Officejet Pro 8500 All-in-One Printers Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Information Disclosure Vulnerability in HP System Management Homepage (SMH) Multiple CSRF Vulnerabilities in TP-Link TL-WDR4300 Version 3.13.31 NFS Server Authorization Bypass Vulnerability Integer Overflow in PuTTY and WinSCP Allows Remote Code Execution Denial of Service Vulnerability in BIND DNS Server (CVE-2013-4854) SMB Symlink Traversal Vulnerability in D-Link DIR-865L Information Disclosure 
Vulnerability in D-Link DIR-865L Router Critical PHP File Inclusion Vulnerability Found in D-Link DIR-865L Router XML File Denial of Service Vulnerability in Microsoft Windows Movie Maker 2.1.4026.0 Unauthenticated Access to INSTEON Hub 2242-222 Web and API Unrestricted API Access in Radio Thermostat CT80 and CT50 Firmware 1.4.64 and Earlier Directory Traversal Vulnerability in MiCasaVerde VeraLite Firmware 1.5.408 Vulnerability: Unauthorized Access and Password Exposure in MiCasaVerde VeraLite Firmware 1.5.408 Arbitrary Lua Code Execution Vulnerability in MiCasaVerde VeraLite Server-Side Request Forgery (SSRF) vulnerability in MiCasaVerde VeraLite firmware 1.5.408 Arbitrary Firmware Installation via CSRF Vulnerability in MiCasaVerde VeraLite Hardcoded Bluetooth PIN in LIXIL Corporation My SATIS Genius Toilet App for Android Allows Physical Attacks EA Karotz Smart Rabbit 12.07.19.00 Vulnerability: Python Module Hijacking Karotz API Session Token Information Disclosure Vulnerability Hard-coded static encryption key vulnerability in Cisco Unified Communications Manager (CUCM) and Cisco Unified Presence Server Arbitrary SQL Command Execution in TYPO3 News Search Extension 0.1.0 CSRF Vulnerability in TEQneers SEO Enhancements Extension for TYPO3 Vulnerability: QR Code Processing Vulnerability in Google Glass Cleartext Credential Exposure in Yahoo! 
Tumblr iOS App HDMI Cable Exploit: Root Access Vulnerability in Verizon Wireless Network Extender SCS-26UC4 Uboot Bootloader HDMI Cable Bypass Vulnerability in Verizon Wireless Network Extender SCS-2U01 Hardcoded Root Password Vulnerability in Verizon Wireless Network Extender SCS-2U01 Vulnerability: Lack of CAVE Authentication in Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 Improper ScriptAlias Directive in Parallels Plesk Panel and Small Business Panel Allows Remote Code Execution SQL Injection Vulnerability in BigTree CMS 4.0 RC2 and Earlier: Remote Code Execution via PATH_INFO Arbitrary Web Script Injection in BigTree CMS 4.0 RC2 and Earlier CSRF Vulnerability in BigTree CMS 4.0 RC2 and Earlier Allows Remote Authentication Hijacking Multiple SQL Injection Vulnerabilities in McAfee ePolicy Orchestrator and McAfee Agent Multiple Cross-Site Scripting (XSS) Vulnerabilities in McAfee ePolicy Orchestrator and McAfee Agent McAfee SuperScan 4.0 XSS Vulnerability Arbitrary File Upload Vulnerability in NMap's http-domino-enum-passwords.nse Script Arbitrary SQL Command Execution in Digital Signage Xibo 1.4.2 via index.php Arbitrary Web Script Injection in Digital Signage Xibo 1.4.2 Cross-Site Request Forgery (CSRF) Vulnerabilities in Digital Signage Xibo 1.4.2 Denial of Service Vulnerability in Samsung PS50C7700 TV's DMCRUIS/0.1 Web Server Cross-Site Scripting (XSS) Vulnerability in CodeIgniter's xss_clean Function Arbitrary Code Execution via Unrestricted File Upload in SocialEngine Timeline Plugin Twilight CMS 5.17 XSS Vulnerability in Gallery Page Directory Traversal Vulnerability in DeWeS Web Server 0.4.2 and Earlier CSRF Vulnerability in Siemens WinCC (TIA Portal) Allows Authentication Hijacking Open Redirect Vulnerability in Siemens WinCC (TIA Portal) Allows Phishing Attacks Uninitialized Global Variable Vulnerability in Wireshark 1.10.x Denial of Service Vulnerability in Wireshark Radiotap Dissector Double Free Vulnerability in DCOM ISystemActivator 
Dissector in Wireshark 1.10.x Memory Leak in DCOM ISystemActivator Dissector in Wireshark 1.10.x Denial of Service Vulnerability in Wireshark DCOM ISystemActivator Dissector Integer Signedness Error in DCOM ISystemActivator Dissector in Wireshark 1.10.x Denial of Service Vulnerability in Wireshark DCOM ISystemActivator Dissector Denial of Service via Crafted Packet in Wireshark Bluetooth SDP Dissector Denial of Service via Crafted Packet in Bluetooth OBEX Dissector Denial of Service Vulnerability in Wireshark DIS Dissector Denial of Service Vulnerability in Wireshark DVB-CI Dissector Denial of Service Vulnerability in Wireshark GSM RR Dissector Array Index Errors in GSM A Common Dissector Leading to Denial of Service in Wireshark Memory Allocation Vulnerability in Netmon File Parser in Wireshark Uninitialized Structure Members Vulnerability in Wireshark Netmon File Parser Uninitialized Length Field Vulnerability in Wireshark ASN.1 PER Dissector PROFINET Real-Time Dissector Denial of Service Vulnerability Unspecified Vulnerabilities in ASUS AiCloud Feature Ineffective Implementation of LTI mod_form Settings in Moodle Allows Information Disclosure Arbitrary web script injection vulnerability in Yahoo! YUI IO Utility component Cross-site scripting (XSS) vulnerability in Yahoo! YUI 3.10.2 through Moodle 2.5.1 Arbitrary web script injection vulnerability in Yahoo! YUI Uploader component in Moodle and other products Arbitrary script injection vulnerability in Yahoo! 
YUI Uploader component Privilege Escalation and Database Operation Bypass in Siemens COMOS Arbitrary Script Injection in BuddyPress Extended Friendship Request Plugin Multiple SQL Injection Vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 Multiple Cross-Site Scripting (XSS) Vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 Unspecified Remote Code Execution Vulnerability in Sawmill Database Update and Build Page Arbitrary SQL Command Execution Vulnerability in Machform 2's view.php Arbitrary PHP Code Execution via Unrestricted File Upload in Machform 2 Arbitrary Script Injection Vulnerability in Machform 2's view.php Cross-Site Scripting (XSS) Vulnerabilities in Mintboard 0.3 SQL Injection Vulnerability in Elemata CMS RC 3.0 - Remote Code Execution via id Parameter SQL Injection Vulnerability in Top Games Script 1.2: Remote Code Execution via gid Parameter in play.php Cross-Site Scripting (XSS) Vulnerabilities in Genetech Solutions Pie-Register Plugin for WordPress Open Redirect Vulnerability in Puppet Enterprise Login Page Weak Permissions in Puppet Module Tool (PMT) Installation Arbitrary YAML Code Execution Vulnerability in Puppet Enterprise Dashboard Report Unattended Workstation Privilege Escalation in Puppet Enterprise Information Leakage in Puppet Enterprise before 3.0.1 Information Disclosure in Puppet Enterprise HTTP Response Headers Insecure Password Reset Process in Puppet Enterprise before 3.0.1 CSRF Vulnerabilities in Puppet Enterprise (PE) before 3.0.1 Insecure Session Cookie Handling in Puppet Enterprise before 3.0.1 Unrestricted Authentication Attempts in Puppet Enterprise Arbitrary Classification Creation Vulnerability in Puppet Enterprise Information Disclosure Vulnerability in Puppet Enterprise Clickjacking and Cross-Site Scripting Vulnerabilities in Puppet Enterprise Local Privilege Escalation via Symlink Attack in Puppet Unrestricted Access to Node Endpoints in Puppet Enterprise Console RealPlayer Stack-Based Buffer Overflow 
Vulnerability RealPlayer Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Hikvision DS-2CD7153-E IP Camera Hikvision DS-2CD7153-E IP Camera: Hardcoded Credentials Vulnerability Buffer Overflow Vulnerability in Hikvision DS-2CD7153-E IP Camera Firmware 4.1.0 b130111 AloahaPDFViewer Stack-Based Buffer Overflow Vulnerability Remote Code Execution Vulnerability in EPS Viewer 3.2 and Earlier Buffer Overflow in AVTECH AVN801 DVR RTSP Packet Handler Buffer Overflow Vulnerability in AVTECH AVN801 DVR Security Bypass Vulnerability in AVTECH AVN801 DVR: Administration Login Captcha Arbitrary Command Execution in Sophos Web Appliance Privilege Escalation via Shell Metacharacters in clear_keys.pl Vivotek IP Cameras Remote Authentication Bypass: Unauthorized Access to Video Stream Stack-based Buffer Overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 in IconCool PDFCool Studio 3.32 Build 130330 and Earlier Privilege Escalation via Shell Metacharacters in PineApp Mail-SeCure Stack-based Buffer Overflow in IcoFX 2.5 and Earlier phpMyAdmin XSS Vulnerability in Row Information Display Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 3.5.x and 4.0.x Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 Information Disclosure Vulnerability in phpMyAdmin Information Disclosure Vulnerability in phpMyAdmin 4.0.x before 4.0.4.2 Information Disclosure Vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 Arbitrary Web Script Injection in phpMyAdmin 4.0.x Arbitrary Script Injection in phpMyAdmin Schema Export SQL Injection Vulnerabilities in phpMyAdmin 3.5.x and 4.0.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in Tripwire Enterprise 8.2 and Earlier Cleartext Administrative Password Disclosure in Western Digital My Net Routers Insecure Encryption Key Sharing in Symantec Management Platform Authentication Bypass Vulnerability in Symantec Endpoint Protection Management Console Bypassing Policy Restrictions in Symantec 
Endpoint Protection Unquoted Windows Search Path Privilege Escalation Vulnerability in Symantec Endpoint Protection SQL Injection Vulnerabilities in Symantec Web Gateway Management Console Multiple Cross-Site Scripting (XSS) Vulnerabilities in Symantec Web Gateway Appliance XML External Entity (XXE) vulnerability in Symantec Endpoint Protection Manager and Symantec Protection Center Small Business Edition Arbitrary SQL Command Execution Vulnerability in Symantec Endpoint Protection Manager (SEPM) and Symantec Protection Center Small Business Edition Bypassing Policy Settings in Symantec Critical System Protection (SCSP) on Unpatched Windows Server 2003 R2 Arbitrary Command Execution Vulnerability in Symantec Web Gateway (SWG) Integer Overflow Vulnerability in strongSwan's is_asn1 Function Remote Code Execution Vulnerability in Ultra Mini HTTPD 1.21 via Long Resource Name Multiple Cross-Site Scripting (XSS) Vulnerabilities in MiniBB before 3.0.1 Multiple Absolute Path Traversal Vulnerabilities in National Instruments cwui.ocx Absolute Path Traversal Vulnerability in National Instruments LabWindows/CVI and LabVIEW ActiveX Control Denial of Service Vulnerability in National Instruments LabWindows/CVI and LabVIEW Sensitive Information Disclosure in National Instruments NI .NET Class Library Help Denial of Service Vulnerability in National Instruments LabWindows/CVI Help Subsystem Arbitrary Code Execution via ActiveX Control in National Instruments Lookout Access Control Vulnerability in Collabtive 1.0 SQL Injection Vulnerability in Kwoksys Kwok Information Server Clickjacking Protection Bypass in phpMyAdmin 3.5.x and 4.0.x Authentication Bypass Vulnerability in Ruckus Wireless Zoneflex 2942 Devices Unspecified Vulnerability in Atmail Before 6.6.4 and 7.x Before 7.1.2 Unspecified vulnerability in Atmail before 6.6.4 and 7.x before 7.1.2 with unknown impact and attack vectors Unspecified vulnerability in Atmail before 6.6.4 and 7.x before 7.1.2 with unknown impact and 
attack vectors Unspecified Vulnerability in Atmail Before 6.6.4 and 7.x Before 7.1.2 Race conditions in HtmlCleaner: Remote E-mail Reading Vulnerability Remote Code Execution Vulnerability in Square Squash Default WPS PIN Vulnerability in HOT HOTBOX Router Software 2.1.11 Authentication Bypass Vulnerability in HOT HOTBOX Router Software 2.1.11 HOT HOTBOX Router CSRF Vulnerability: Unauthorized WiFi Security Deactivation SignalR Forever Frame XSS Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Elevation of Privilege Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer Memory Corruption Vulnerability Internet Explorer 7 Memory Corruption Vulnerability Token Hijacking Vulnerability in Microsoft Office 2013 and 2013 RT Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library HXDS ASLR Vulnerability Win32k Integer Overflow Vulnerability SharePoint Page Content Remote Code Execution Vulnerability Privilege Escalation Vulnerability in NDProxy.sys OWA XSS Vulnerability in Microsoft Exchange Server 2010 and 2013 SQL Injection Vulnerability in vTiger CRM 5.4.0 and Earlier Versions AlgoSec Firewall Analyzer 6.1-b86 Cross-Site Scripting (XSS) Vulnerability in Login.php Arbitrary Code Execution via Unsafe Usage of Pickle in Graphite Web Arbitrary Web Script Injection via cert_cn Cookie Parameter in McAfee Vulnerability Manager 7.5 Arbitrary Web Script Injection Vulnerability in Juniper Junos Space Improper Role-Based Access Control in Juniper Junos Space (PR 863804) Improper Access Restriction in Juniper Junos Space Allows Password Hash Retrieval Arbitrary Script Injection in Download Monitor Plugin for WordPress Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1 with enabled comments Arbitrary Web Script Injection in TYPO3 Static Methods Extension (div2007) Code 
Execution Vulnerability in select.py with python-mode 2012-12-19 RockMongo 1.1.5 and Earlier Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in RockMongo 1.1.5 and Earlier Insecure PIN Storage in Evernote before 5.5.1 Insecure PIN Implementation in LastPass Prior to 2.5.1 Secure Wipe Bypass Vulnerability in LastPass prior to 2.5.1 Insecure Password Change Vulnerability in Evernote prior to 5.5.1 Arbitrary SQL Command Execution in ZLDNN DNNArticleRSS.aspx Arbitrary Code Injection through HTML E-mail in Good for Enterprise App for iOS Zimbra Collaboration Suite (ZCS) Vulnerability: Man-in-the-Middle Attack on ZM_AUTH_TOKEN SQL Injection Vulnerability in PHPFox before 3.6.0 (build4) via search[gender] Parameter Arbitrary SQL Command Execution in PHPFox before 3.6.0 (build6) Critical Vulnerability: Unauthenticated Access Exploit in Cisco Linksys Routers EA2700, EA3500, E4200, EA4500 Insecure DNS Querying and Authenticity Checks in Python Pip before 1.5 Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit (CVE-2013-XXXX) Cross-Site Scripting (XSS) Vulnerabilities in WebKit on Apple iOS before 7 Web Inspector Vulnerability in Apple Safari Allows Unauthorized Access to Browsing Information Arbitrary Script Injection Vulnerability in Apple iOS WebKit Denial of Service Vulnerability in Apple AirPort Base Station Firmware Symlink Vulnerability in Apple iOS Backup before 7.1 Format String Vulnerability in Apple Screen Sharing Server Unencrypted-Connection Warning Bypass in Apple Remote Desktop User-interface event hijacking vulnerability in Apple iOS before version 7 via IOKit Denial of Service Vulnerability in IOCatalogue in Apple iOS before 7 Out-of-Bounds Array 
Access Vulnerability in IOSerialFamily Driver in Apple iOS Denial of Service Vulnerability in Apple iOS Kernel Integer Truncation Vulnerability in Apple iOS Kernel Uninitialized Kernel Data Structures Vulnerability in Apple iOS before 7 RADIUS Service Fallback X.509 Certificate Hijacking Vulnerability Passcode Bypass Vulnerability in Apple iOS 7.0.3 and Earlier Unauthenticated Local Privilege Escalation in Apple iOS Kext Management Passcode Bypass Vulnerability in Apple iOS before 7 Keynote Presentation Mode Screen Lock Bypass Vulnerability Unapproved Access to Push Notification Token in Apple iOS Safari History-Clearing Vulnerability in Apple iOS Cross-Site Scripting (XSS) Vulnerability in Mobile Safari on Apple iOS before 7 URL Bar Spoofing Vulnerability in Mobile Safari on Apple iOS Lock State Management Vulnerability in Apple iOS before 7 Allows Unauthorized Access to Notifications Sandbox Bypass Vulnerability in Apple iOS Denial of Service Vulnerability in Apple iOS Sandbox Subsystem Telephony Subsystem API Conformity Bypass Vulnerability in Apple iOS Twitter Subsystem in Apple iOS Allows Unauthorized Tweet Posting Cache-based Information Leakage in Apple iOS Social Subsystem Same Origin Policy Bypass in WebKit on Apple iOS 6 and earlier Passcode Bypass Vulnerability in Apple iOS 7.0.2 and Earlier Passcode Lock Bypass Vulnerability in Apple iOS before 7.0.2 Passcode Lock Bypass Vulnerability in Apple iOS Local Privilege Escalation in Apple Mac OS X Directory Services Race conditions in Apple iOS Phone app allow bypassing locked state and dialing arbitrary contacts Bypassing Access Restrictions in Apple Mac OS X Application Firewall Premature Interface Deletion Vulnerability in Apple Mac OS X Bluetooth USB Host Controller Session Cookie Tracking Vulnerability in CFNetwork Arbitrary Application Execution via Crafted URL in Apple Mac OS X Console Screen Lock Bypass Vulnerability in CoreGraphics on Apple Mac OS X Buffer Underflow Vulnerability in CoreGraphics in 
Apple Mac OS X Bypassing Secure Input Mode in CoreGraphics on Apple Mac OS X Denial of Service Vulnerability in Apple Mac OS X Kernel Denial of Service Vulnerability in Mac OS X Random-Number Generator Denial of Service Vulnerability in Apple Mac OS X Kernel Out-of-Bounds Read and System Crash Vulnerability in Apple Mac OS X Integer Truncation Vulnerability in Apple Mac OS X Denial of Service Vulnerability in Apple Mac OS X Kernel File Extension Spoofing Vulnerability in LaunchServices Bypassing App Sandbox Restrictions via Crafted App in Apple Mac OS X Predictable Values Generated by srandomdev Function in Libc on Apple Mac OS X Auto-Configuration Vulnerability in Mail on Apple Mac OS X Spoofing Cryptographic Signatures in Apple Mac OS X Mail Cleartext Data Leakage Vulnerability in Apple Mac OS X with Kerberos Authentication Denial of Service Vulnerability in Apple Mac OS X Kernel Weak Encryption Vulnerability in OpenLDAP's ldapsearch Command-Line Program in Apple Mac OS X Screen Lock Bypass Vulnerability in Apple Mac OS X Insecure Screen Lock Timeout in Apple Mac OS X Hibernation Vulnerability in Apple Mac OS X: Unauthorized Access without Password Unintended Security Configuration Bypass in Apple Mac OS X Denial of Service Vulnerability in Apple Mac OS X Smart Card Services Information Disclosure Vulnerability in Mac OS X Syslog Implementation Denial of Service Vulnerability in Apple Mac OS X USB Hub Controller App Store Transaction-Time Password Bypass Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Unauthenticated Access to REST and Memcache Interfaces in Open-Xchange AppSuite Database Password Bypass Vulnerability in HRIS 7.9 Information 
Disclosure Vulnerability in SCTP Implementation in FreeBSD ADTRAN AOS NetVanta 7100 GUI Login Page Cross-Site Scripting (XSS) Vulnerability NTP Monlist Traffic Amplification Vulnerability Arbitrary Web Script Injection in EasyXDM before 2.4.18 via easyxdm.swf Arbitrary Script Injection Vulnerability in FOSCAM Wireless IP Cameras' WiFi Scan Option Arbitrary File Read Vulnerability in CapaSystems Performance Guard Arbitrary Web Script Injection Vulnerability in HOT HOTBOX Router Software 2.1.11 HOT HOTBOX Router Software 2.1.11 Directory Traversal Vulnerability Denial of Service Vulnerability in HOT HOTBOX Router Software 2.1.11 Remote Code Execution Vulnerability in Esri ArcGIS for Server Mobile-Upload Feature Unspecified Cross-Site Scripting (XSS) Vulnerabilities in ESRI ArcGIS for Server 10.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Autofill Subframe Form Field Credential Discovery Vulnerability in Apple Safari Arbitrary Code Execution and Denial of Service Vulnerability in WebKit Remote Desktop Full-Screen Dialog Box Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in AlienVault OSSIM 4.3.0 and Earlier Trustport Webfilter 5.5.0.2232 - Directory Traversal Vulnerability in help.php Arbitrary SQL Command Execution in Faceted Search Extension (ke_search) for TYPO3 Insecure Unserialize Vulnerability in TYPO3 Store Locator Extension Arbitrary SQL Command Execution in TYPO3 Store Locator Extension (locator) before 3.1.5 Arbitrary Code Injection through Cross-Site Scripting (XSS) in TYPO3 Store Locator Extension Arbitrary SQL Command Execution in TYPO3 Browser Extension Arbitrary Script Injection in TYPO3 Faceted Search Extension Arbitrary Web Script Injection in RealURL Management Extension for TYPO3 Arbitrary Web Script Injection in FUDforum 3.0.4.1 and Earlier Arbitrary SQL Command Execution in TYPO3 DB Integration Extension Multiple SQL 
Injection Vulnerabilities in Vastal I-Tech phpVID 1.2.3 Cross-Site Scripting (XSS) Vulnerabilities in Vastal I-Tech phpVID 1.2.3 CSRF Vulnerability in BigTree CMS 4.0 RC2 and Earlier Allows Unauthorized User Account Modification Arbitrary Web Script Injection in Serendipity 1.6.2 and Earlier Cross-site scripting (XSS) vulnerability in Scald module's Resource Manager in MEE submodule CSRF Vulnerability in RiteCMS 1.0.0 Allows Remote Password Hijacking RiteCMS 1.0.0 Cross-Site Scripting (XSS) Vulnerability in cms/index.php Ginkgo CMS 5.0 SQL Injection Vulnerability in index.php Arbitrary Web Script Injection in Atlassian JIRA Admin Panel Arbitrary Web Script Injection in mojoPortal Forums/EditPost.aspx Multiple SQL Injection Vulnerabilities in AlienVault OSSIM 4.1 Arbitrary SQL Command Execution in CoolURI Extension for TYPO3 Arbitrary Web Script Injection in TYPO3 Static Info Tables Extension Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary JavaScript Code Execution Vulnerability in Adobe Reader and Acrobat 11.x Cross-site scripting (XSS) vulnerability in Adobe ColdFusion versions 9.0 to 9.0.2 and 10 allows remote authenticated users to inject arbitrary web script or HTML via the logviewer directory. 
Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe RoboHelp 10 Arbitrary File Read Vulnerability in Adobe ColdFusion 10 before Update 12 Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Type Confusion Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Flash Player and Adobe AIR Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Arbitrary Code Execution and Memory Corruption Vulnerability in Adobe Shockwave Player Integer Underflow Vulnerability in Google Picasa 3.9.0 Build 137.69 Arbitrary PHP Code Execution via Serialized Object in OpenPNE 3.6.13 and 3.8.9 IrfanView Heap-Based Buffer Overflow in GIF LZW Code Stream Arbitrary PHP Code Execution in Sharetronix 3.1.1.3 and Earlier Arbitrary Code Execution via Unrestricted File Upload in Sharetronix 3.1.1.3 and Earlier SQL Injection Vulnerabilities in Sharetronix 3.1.1: Remote Code Execution via fb_user_id and tw_user_id Parameters CSRF Vulnerabilities in Sharetronix 3.1.1 Allow Remote Authentication Hijacking Unspecified AJAX Functionality Access Restriction Bypass in Sharetronix 3.1.1.3 and Earlier Heap-based Buffer Overflow in Google Picasa 3.9.0 Build 137.69 Memory Corruption Vulnerability in Google Picasa 3.9.0 Build 137.69 Stack-based Buffer Overflow in Google Picasa 3.9.0 Build 137.69 World-readable and world-writable permissions in Secunia CSI Agent configuration file on Red Hat Linux Autodesk SketchBook for Enterprise 2014 Heap-Based Buffer Overflow Vulnerability Arbitrary Code Execution Vulnerability in IBM SPSS Analytical Decision Management Unspecified Remote Code Execution Vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 Vulnerability: Permission Bypass in IBM Tivoli Storage Manager (TSM) on Windows 
Denial of Service Vulnerability in IBM WebSphere Message Broker and IBM Integration Bus World-writable permissions on rcleartool script in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07 and 8.0.1 allow local privilege escalation. Unspecified Remote Access Vulnerability in IBM Java SDK Cross-Site Scripting (XSS) Vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x Arbitrary Script Injection in IBM WebSphere Portal 8.x Arbitrary Script Injection in IBM WebSphere Portal 7.x and 8.x Sensitive Information Disclosure Vulnerability in IBM Maximo Asset Management Privilege Escalation Vulnerability in IBM Maximo Asset Management Unspecified Privilege Escalation Vulnerability in IBM Maximo Asset Management Unspecified Privilege Escalation Vulnerability in IBM Maximo Asset Management Vulnerability: Improper Validation of OSPF LSA Type 1 Packets in IBM i, z/OS, and NOS Buffer Overflow Vulnerability in IBM Platform Symphony 5.2, 6.1, and 6.1.1 Arbitrary Web Script Injection Vulnerability in iNotes in IBM Domino Arbitrary Web Script Injection Vulnerability in iNotes in IBM Domino Arbitrary Web Script Injection in IBM WebSphere eXtreme Scale Monitoring Console Improper Initialization of PRNG in IBM Worklight and Mobile Foundation Improper Logoff Processing Vulnerability in IBM WebSphere eXtreme Scale Phishing Vulnerability in IBM WebSphere eXtreme Scale Monitoring Console Access Restriction Bypass Vulnerability in IBM Maximo Asset Management Unspecified access restriction bypass vulnerability in Webservice Axis Gateway in IBM Rational Focal Point Unspecified Access Restriction Bypass Vulnerability in IBM Rational Focal Point Webservice Axis Gateway Hardcoded Credentials Vulnerability in IBM Platform Symphony Developer Edition Denial of Service Vulnerability in IBM WebSphere MQ Internet Pass-Thru (MQIPT) 2.x Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, SmartCloud Control Desk, and Tivoli Asset Management for IT, allowing remote authenticated 
users to inject arbitrary web script or HTML. Unspecified Remote Administrative Access Vulnerability in IBM WebSphere DataPower XC10 Appliance Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) and related products through 4.0.5 Arbitrary Web Script Injection Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway Cross-Site Scripting (XSS) Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway Frame Injection Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway SQL Injection Vulnerabilities in IBM Sterling B2B Integrator and Sterling File Gateway Unspecified Remote Code Injection Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Session Persistence Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Privilege Escalation through Migration Functionality in IBM WebSphere Application Server Privilege Escalation Vulnerability in IBM Rational ClearCase Unspecified Privilege Escalation Vulnerability in IBM Rational ClearCase Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server (WAS) Arbitrary Web Script Injection in IBM WebSphere Application Server Administrative Console Buffer overflow vulnerabilities in mkque and mkquedev in IBM AIX 6.1 and 7.1: Privilege escalation through printq group membership Information Disclosure Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 Arbitrary Web Script Injection Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 Information Disclosure Vulnerability in IBM Rational ClearQuest Web Client User Account Enumeration Vulnerability in IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 IBM Flex System Manager (FSM) 1.3.0 Expired Password Bypass Vulnerability Arbitrary Web Script Injection in IBM WebSphere Virtual Enterprise Administration Console Session Fixation Vulnerability in IBM InfoSphere Master 
Data Management - Collaborative Edition 10.x and 11.0, and InfoSphere Master Data Management Server for Product Information Management 9.x CSRF Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition and Server for Product Information Management Unauthenticated Administrative Actions Vulnerability in IBM WebSphere DataPower XC10 Appliances 2.5.0 Vulnerability: Reuse of One Time Password (OTP) Tokens in IBM Tivoli Federated Identity Manager Default Username and Password Vulnerability in IBM Security AppScan Enterprise 8.x Open Redirect Vulnerability in IBM Tivoli Federated Identity Manager and Business Gateway Hardcoded Database Credentials Vulnerability in IBM InfoSphere Optim Arbitrary Web Script Injection Vulnerability in IBM Flex System Manager (FSM) Sensitive Information Disclosure in IBM InfoSphere Information Server Installation Arbitrary Web Script Injection Vulnerability in IBM Security Network Protection on XGS 5100 Devices IBM Cognos Express CSRF Authentication Hijacking Vulnerability Unspecified Remote Credential Disclosure in IBM Cognos Express Cleartext Information Disclosure Vulnerability in IBM Cognos Express Unspecified Impact and Remote Attack Vector Vulnerability in IBM WebSphere DataPower XC10 Appliances 2.1.0 and 2.5.0 IBM Forms Viewer Stack-based Buffer Overflow Vulnerability Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 Arbitrary Web Script Injection in IBM Eclipse Help System (IEHS) Improperly Protected URL in IBM Security AppScan Enterprise Allows Session Token Theft or Modification XML External Entity (XXE) vulnerability in IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests Arbitrary Report File Reading Vulnerability in IBM Security AppScan Enterprise Arbitrary File Read Vulnerability in IBM WebSphere Portal Remote authenticated users can modify virtual-system deployment in IBM SmartCloud 
Provisioning 2.1 before FP3 IF0001 Arbitrary Code Execution Vulnerability in com.ibm.rmi.io.SunSerializableFactory Class Unspecified Remote Code Execution Vulnerability in IBM Java SDK Unspecified Remote Code Execution Vulnerability in IBM Java SDK 7.0.0 before SR6 Improper Parameter Checking Vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager Access Restriction Bypass and Unauthorized Communication Log Access in IBM Maximo Asset Management and SmartCloud Control Desk Weak Password Hash Storage in IBM Endpoint Manager and Tivoli Remote Control Clickjacking Vulnerability in IBM Content Navigator 2.0.0 - 2.0.2.1 Remote Code Execution in IBM Security QRadar SIEM WinCollect Agent Bypassing Access Restrictions and Modifying Physical Counts in IBM Maximo Asset Management and SmartCloud Control Desk File Type Restriction Bypass Vulnerability in IBM Maximo Asset Management, SmartCloud Control Desk, Tivoli IT Asset Management, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) Denial of Service Vulnerability in IBM DB2 and DB2 Connect Privilege Escalation Vulnerability in IBM Tivoli Monitoring (ITM) on UNIX Unencrypted Login Requests in IBM Algo One and ACSWeb Cisco IOS TCP Implementation Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Secure Access Control System (ACS) CSRF Vulnerability in Cisco Global Site Selector Allows Remote Authentication Hijacking Denial of Service Vulnerability in Cisco IOS and IOS XE NTP Implementation (CSCuc81226) Cisco IOS and IOS XE Memory Leak Vulnerability IPv6 Virtual Fragmentation Reassembly (VFR) Race Condition Vulnerability Denial of Service Vulnerability in Cisco IOS and IOS XE (Bug ID CSCug31561) Denial of Service Vulnerability in Cisco IOS Zone-Based Firewall (Bug ID CSCtx56174) Denial of Service Vulnerability in Cisco IOS 12.2 and 15.0 through 15.3 (Bug ID CSCub67465) Denial of Service 
Vulnerability in Cisco IOS and IOS XE (Bug ID CSCuf17023) Cisco IOS DNS-over-TCP Denial of Service Vulnerability Cisco IOS DNS-over-TCP Denial of Service Vulnerability Denial of Service Vulnerability in Cisco IOS PPTP Implementation with NAT (Bug ID CSCtq14817) Cross-Frame Scripting Vulnerability in Cisco Prime LAN Management Solution (LMS) Cisco SocialMiner Bookmarklet.jsp Cross-Site Scripting (XSS) Vulnerability Arbitrary File Write Vulnerability in Cisco Prime Data Center Network Manager (DCNM) Arbitrary File Read Vulnerability in Cisco Prime Data Center Network Manager (DCNM) Denial of Service Vulnerability in Cisco Common Services Improper Content Restriction in Cisco SocialMiner Allows Information Disclosure (Bug ID CSCuh74125) Arbitrary Text File Read Vulnerability in Cisco Prime Data Center Network Manager (DCNM) Remote Information Disclosure Vulnerability in Cisco SocialMiner Administration Interface (Bug ID CSCuh76780) Bypassing Access Restrictions in Cisco Virtualization Experience Client 6000 Firmware (Bug ID CSCug68407) CSRF Vulnerability in Cisco Unified MeetingPlace Solution Allows Remote Authentication Hijacking Cisco Unified MeetingPlace Web Framework Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Cisco NX-OS ONEP (Bug ID CSCui51551) Denial of Service Vulnerability in Cisco IPS Authentication Manager Process Denial of Service Vulnerability in Cisco CRS and ASR 9000: Bug ID CSCue91963 Denial of Service Vulnerability in Cisco IOS DHCP Server (Bug ID CSCuh46822) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco MediaSense oraadmin Service Page Unspecified parameter XSS vulnerability in Cisco MediaSense (Bug ID CSCuj23328) Unprotected Client-Server Communication Channel in Cisco MediaSense Denial of Service Vulnerability in Cisco IOS XR 4.3.1 UDP Process Arbitrary Web Script Injection Vulnerability in Cisco Identity Services Engine (ISE) Mobile Device Management (MDM) Portal Arbitrary Web Script Injection 
Vulnerability in Cisco Identity Services Engine (ISE) Administration Page Cisco Firewall Services Module (FWSM) Multiple-Context Authorization Bypass Vulnerability Denial of Service Vulnerability in Cisco ASA Software 9.1 Denial of Service Vulnerability in Cisco ASA and FWSM Software (CSCub98434) Authentication Bypass Vulnerability in Cisco ASA Software Cisco ASA VPN Authentication Bypass Vulnerability Authentication Bypass Vulnerability in Cisco Adaptive Security Device Management (ASDM) Cisco ASA Software HTTP Deep Packet Inspection Race Condition Vulnerability Denial of Service Vulnerability in Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability in Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability in Cisco TelePresence Multipoint Switch (CTMS) Devices (Bug ID CSCuh44796) SQL Injection Vulnerability in Cisco Unified Communications Domain Manager Cisco Wireless LAN Controller (WLC) Cross-Site Scripting (XSS) Vulnerability (CSCuf77810) Denial of Service Vulnerability in Cisco Identity Services Engine Default Service Module Credentials Vulnerability in Cisco IOS on Catalyst 3750X Switches (Bug ID CSCue92286) Clickjacking Vulnerability in Cisco Identity Services Engine (ISE) 1.2 and Earlier Cisco Identity Services Engine (ISE) 1.2 and Earlier Cross-Site Scripting (XSS) Vulnerability (CSCug77655) SQL Injection Vulnerability in Cisco Identity Services Engine (ISE) 1.2 and Earlier (Bug ID CSCug90502) Denial of Service Vulnerability in Cisco 9900 IP Phones (Bug ID CSCuf06698) Cisco IOS and IOS XE OSPF LSA Type 11 Packet Denial of Service Vulnerability Tomcat Administrative Web Interface Directory Traversal Vulnerability Insecure Passphrase Validation in Cisco WebEx Meeting Center Deployment Module Arbitrary Command Execution Vulnerability in Cisco Identity Services Engine (ISE) Authentication Bypass Vulnerability in Cisco Identity Services Engine (ISE) 1.x Cisco 9900 IP Phones Buffer Overflow Vulnerability 
Privilege Escalation Vulnerability in Cisco 9900 Unified IP Phones (Bug ID CSCuh10334) Directory Traversal Vulnerability in Cisco Unity Connection Voice Message Web Service (Bug ID CSCuj22948) Hardcoded Credentials Vulnerability in Cisco Video Surveillance 4000 IP Cameras Cisco Secure Access Control System (ACS) Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Web Security, Email Security, and Content Security Appliances Weak Permissions in Cisco ISE Sponsor Portal Allows Arbitrary File Reading (CSCui67506) Arbitrary File Upload Vulnerability in Cisco Identity Services Engine (ISE) (Bug ID CSCui67511) Denial of Service Vulnerability in Cisco Identity Services Engine (ISE) File-Upload Feature (Bug ID CSCui67519) Arbitrary Code Injection through File Upload in Cisco Identity Services Engine (ISE) (CSCui67495) Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCui77398) Denial of Service Vulnerability in Cisco IOS XE 3.4 and 3.5 Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCua91108) Denial of Service Vulnerability in Cisco IOS XE 3.9 PPTP ALG Implementation Denial of Service Vulnerability in Cisco IOS XE 3.7 and 3.8 on 1000 ASR Devices Denial of Service Vulnerability in Cisco IOS XE 3.9 Bypassing IPsec Anti-Replay Features in Cisco IOS IKEv2 Implementation (Bug ID CSCuj47795) Denial of Service Vulnerability in Cisco IOS XR Route-Processor Components (CSCuh30380) Denial of Service Vulnerability in Cisco UCS Fabric Interconnect Component (Bug ID CSCtq86549) Cisco ASA Software Denial of Service Vulnerability Bypassing Access Restrictions in Cisco IOS 12.4(24)MDB9 and Earlier on Content Services Gateway (CSG) Devices (Bug ID CSCug90143) Memory leaks in Cisco IOS 15.1 before 15.1(4)M7 leading to denial of service Directory Traversal Vulnerability in Cisco WAAS Mobile Web-Management Interface (Bug ID CSCuh69773) Denial of Service Vulnerability in Cisco Unified Communications Manager (CUCM) via Crafted SIP Message (Bug 
ID CSCub54349) Privilege Escalation and Arbitrary Command Execution Vulnerability in Cisco Nexus 1000V Switch Proxy Bypass Content Rewriter Denial of Service Vulnerability Empty Password Vulnerability in Cisco TelePresence VX Clinical Assistant 1.2 Buffer Overflow in Cisco AnyConnect Secure Mobility Client 2.x via Crafted HTML Document (CSCuj58139) Cisco ASA Software Denial of Service Vulnerability Bypassing Policy Restrictions in Cisco ASA CX Context-Aware Security Software (Bug ID CSCui94622) Denial of Service Vulnerability in Cisco Prime Central for HCS (Bug ID CSCuh36313) Arbitrary Web Script Injection in Cisco CS-MARS (Bug ID CSCul16173) Denial of Service Vulnerability in Cisco Prime Central for Hosted Collaboration Solution (HCS) Denial of Service Vulnerability in Cisco IOS XR 5.1 OSPFv3 Functionality (Bug ID CSCuj82176) Denial of Service Vulnerability in Cisco NX-OS 5.0 and Earlier on MDS 9000 Devices (Bug ID CSCte27874) Denial of Service Vulnerability in Cisco ASA Software (Bug ID CSCui45606) Denial of Service Vulnerability in Cisco ASA Software 9.0.3.6 and Earlier (Bug ID CSCui33308) Slideshare Extension 0.1.0 for TYPO3 SQL Injection Vulnerability Arbitrary Web Script Injection Vulnerability in TYPO3 Javascript and CSS Optimizer Extension HMailServer 5.3.x and prior: Memory Corruption Vulnerability Leading to Denial of Service (DoS) LDAP Bind Password Disclosure in Zabbix 2.0.5 Arbitrary Script Injection in Jenkins User Configuration Description Field File Upload Bypass Vulnerability in Joomla! Media Manager Remote Code Execution Vulnerability in WINGRAPHVIZLib.NEATO ActiveX Control in StarUML Denial of Service Vulnerability in ngIRCd 18 through 20.2 Vulnerability: Fixed Memory Location Storage of Client ID in Ammyy Admin 3.2 and Earlier Arbitrary Script Injection Vulnerability in Joomla! 
3.1.5 Arbitrary Web Script Injection Vulnerability in WikkaWiki before 1.3.4-p1 Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13 with MakeClicky configuration allows remote attackers to inject arbitrary web script or HTML via a ticket URL. Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cacti 0.8.8b and Earlier Arbitrary SQL Command Execution in Cacti 0.8.8b and Earlier Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox HTML Injection Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Anonymous Content Modification Vulnerability in Mozilla Firefox Buffer Overflow Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Race condition vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey allows remote attackers to execute arbitrary code or cause a denial of service via a large HTML document containing IMG elements Use-after-free vulnerability in nsDocLoader::doStopDocumentLoad function in Mozilla Firefox and Thunderbird before 25.0 allows remote code execution or denial of service Arbitrary File Read and JavaScript Code Execution via PDF.js in Mozilla Firefox Use-after-free vulnerability in nsIPresShell::GetPresContext function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 Use-after-free vulnerability in nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 Use-after-free vulnerability in nsEventListenerManager::SetEventHandler function in Mozilla Firefox and Thunderbird before 25.0 allows remote code 
execution Arbitrary Code Execution and Memory Corruption Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Use-after-free vulnerability in nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 Stack-based Buffer Overflow in txXPathNodeUtils::getBaseURI function in Mozilla Firefox and Thunderbird Denial of Service Vulnerability in Mozilla Network Security Services (NSS) 3.14 and 3.15 Bypassing Access Restrictions via Incompatible Key-Usage Certificate in NSS 3.15 Integer Overflow in PL_ArenaAllocate Function in Mozilla NSPR Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey Unspecified Remote Code Execution Vulnerabilities in Mozilla Firefox and SeaMonkey Timing-based spoofing vulnerability in Mozilla Firefox before 26.0 Same Origin Policy Violation in Mozilla Firefox and SeaMonkey Use-after-free vulnerability in PresShell::DispatchSynthMouseMove function in Mozilla Firefox Bypassing Sandbox Restrictions in Mozilla Firefox and SeaMonkey Unspecified Impact and Remote Attack Vectors in JavaScript Implementation Use-after-free vulnerability in nsEventListenerManager::HandleEventSubType function in Mozilla Firefox and Thunderbird Use-after-free vulnerability in Mozilla Firefox and Thunderbird allows remote code execution Integer Overflow Vulnerabilities in SpiderMonkey Binary-Search Implementation KVM ARM NULL Pointer Dereference Vulnerability Password Bypass Vulnerability in Check Point Endpoint Security Device-Locking Bypass Vulnerability in Check Point Endpoint Security Persistent XSS Vulnerability in PQI AirCard Persistent XSS Vulnerability in Transcend WiFiSD 1.8 Directory Traversal Vulnerability in Gnew 2013.1 and Earlier: Arbitrary File Read via gnew_language Cookie Multiple SQL Injection Vulnerabilities in Gnew 2013.1 Remote Denial of Service Vulnerability in Asterisk SIP Channel Driver 
SIP Channel Driver Null Pointer Dereference Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Roundcube Webmail before 0.9.3 Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail 1.0-git Arbitrary Command Execution via Filename in sounder gem 1.0.1 for Ruby Absolute Path Traversal Vulnerability in libdigidoc 3.6.0.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Juniper Junos Pulse Secure Access Service Denial of Service Vulnerability in Junos Pulse Secure Access Service (IVE) and Junos Pulse Access Control Service (UAC) Denial of Service Vulnerability in virBitmapParse Function in libvirt Remote Code Execution Vulnerability in Ghostscript 9.10 Arbitrary Anonymous Upload Vulnerability in YingZhi Python Programming Language v1.9 FTP Server Directory Traversal Vulnerability in YingZhi Python Programming Language for iOS 1.9 FuzeZip 1.0.0.131625 Local Buffer Overflow Vulnerability Denial of Service Vulnerability in AultWare pwStore 2010.8.30.0 via Empty HTTP Request XSS Vulnerability in AultWare pwStore 2010.8.30.0 Critical User Mode Write Access Violation in Wiz 5.0.3 Remote Code Execution Vulnerability in Power Software WinArchiver 3.2 via Crafted .zip File DNS Response Rate Limiting Vulnerability App-ID cache bypass vulnerability in Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS XSS Vulnerability (Ref ID 50908) Information Disclosure Vulnerability in sendfile System-Call Implementation in FreeBSD 9.2-RC1 and 9.2-RC2 Arbitrary Command Execution Vulnerability in Thecus NAS Server N8800 Firmware 5.03.01 Cleartext Content Disclosure Vulnerability in Thecus NAS Server N8800 Firmware 5.03.01 Cleartext Credential Vulnerability in Thecus NAS Server N8800 Firmware 5.03.01 Arbitrary Script Injection in htmlarea SpellChecker Module Arbitrary Command Execution in fog-dragonfly gem 0.8.2 Multiple Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities in IndiaNIC Testimonial Plugin for WordPress IndiaNIC Testimonial Plugin 
2.2 for WordPress SQL Injection Vulnerability PHP Object Injection Vulnerability in Moodle 2.5.x before 2.5.2 Information Disclosure Vulnerability in Jenkins Plugin for SonarQube 3.7 and Earlier Authenticated-Encryption Tampering Vulnerability in OWASP ESAPI for Java Heap-based Buffer Overflow in HylaFAX+ LDAP Authentication Service Information Disclosure Vulnerability in RiskNet Acquirer ApplicationServiceBean Directory Traversal Vulnerabilities in AjaXplorer 5.0.2 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange AppSuite before 7.2.2 Kernel Vulnerability: Unvalidated ioctl Requests in FreeBSD 8.3 through 9.2-STABLE Directory Traversal Vulnerability in X2Engine X2CRM Allows Remote File Inclusion Arbitrary Web Script Injection in X2Engine X2CRM before 3.5 SQL Injection Vulnerability in Opsview Allows Remote Code Execution Opsview before 4.4.1 - Multiple Cross-Site Scripting (XSS) Vulnerabilities Cross-Site Request Forgery (CSRF) and SQL Injection Vulnerabilities in GLPI before 0.84.2 SQL Injection Vulnerability in mod_accounting.c in Apache mod_accounting Module 0.5 and Earlier Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 Denial of Service Vulnerability in Bloom Filter Implementation in bitcoind and Bitcoin-Qt 0.8.x Untrusted Search Path Vulnerabilities in WatchGuard Server Center Multiple Cross-Site Scripting (XSS) Vulnerabilities in WatchGuard WSM and Fireware Remote Code Execution and Settings Modification Vulnerability in DrayTek Vigor 2700 Router 2.8.3 Bypassing RequestHeader unset Directives in Apache HTTP Server 2.2.22 Bypassing Rules in ModSecurity via Capitalized Chunked Value in Transfer-Encoding Header Multiple Cross-Site Scripting (XSS) Vulnerabilities in Coursemill Learning Management System (LMS) 6.8 Cross-Site Scripting (XSS) Vulnerabilities in Coursemill Learning Management System (LMS) 6.8 
Cross-Site Request Forgery (CSRF) Vulnerability in Coursemill Learning Management System (LMS) 6.8 Insufficient Entropy in Authentication Implementation on Siemens SCALANCE X-200 Switches Bypassing Access Restrictions via Hardlink in FreeBSD Nullfs Implementation Arbitrary Web Script Injection in Design Approval System Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in VideoWhisper Live Streaming Integration Plugin for WordPress Buffer Overflow Vulnerability in Gretech GOM Media Player (Version 2.2.53.5169) with Unspecified Impact and Attack Vectors Denial of Service Vulnerability in Gretech GOM Media Player 2.2.53.5169 and Earlier Denial of Service Vulnerability in Wireshark Bluetooth HCI ACL Dissector Denial of Service Vulnerability in Wireshark NBAP Dissector Denial of Service Vulnerability in ASSA R3 Dissector in Wireshark Buffer Overflow Vulnerability in Wireshark RTPS Dissector MQ Dissector Loop Denial of Service Vulnerability Denial of Service Vulnerability in Wireshark LDAP Dissector Remote SQL Injection Vulnerability in SAP NetWeaver 7.30 via ABAD0_DELETE_DERIVATION_TABLE World-writable permissions for cache files in Phpbb3 before 3.0.11-4 for Debian GNU/Linux Unauthenticated File Overwrite Vulnerability in Metaclassy Byword App 2.x for iOS Unauthenticated Follow and Favorite Vulnerability in Tweetbot CSRF Vulnerabilities in D-Link DSL-2740B Gateway Firmware EU_1.00 Unfiltered HTML Upload Vulnerability in WordPress Cross-Site Scripting (XSS) Vulnerability in WordPress before 3.6.1 Intel Trusted Execution Technology (TXT) SINIT ACM Unspecified Vulnerability Denial of Service Vulnerability in Triangle Research International Nano-10 PLC Devices Multiple SQL Injection Vulnerabilities in Zabbix Versions 1.8.x, 2.0.x, and 2.1.x Arbitrary Web Script Injection Vulnerability in Feng Office 2.3.2-rc and Earlier Denial of Service Vulnerability in GNOME Vino Server CSRF vulnerability in SimpleRisk allows unauthorized project addition Arbitrary Code 
Injection via new_project Parameter in SimpleRisk Denial of Service Vulnerability in FriendsOfSymfony FOSUserBundle Arbitrary File Read Vulnerability in SAP NetWeaver 7.x Weak Authorization Implementation on Dahua DVR Appliances Allows Remote Administrative Access Hardcoded Password Vulnerability in Yealink IP Phone SIP-T38G Yealink VoIP Phone SIP-T38G Directory Traversal Vulnerability Yealink VoIP Phone SIP-T38G Absolute Path Traversal Vulnerability Remote Command Execution in Yealink VoIP Phone SIP-T38G Information Disclosure: Remote Listing of OS User Accounts in QNAP Photo Station Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM Integration Scripting Component Unspecified Local Vulnerability in Oracle Siebel CTMS Component in Oracle Industry Applications 8.1.1.x Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified XML Publisher Vulnerability in Oracle PeopleSoft Products Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Integrity Vulnerability in Siebel UI Framework Component Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 Unspecified Locking Vulnerability in Oracle MySQL Server 5.6.11 and Earlier Unspecified XML Parser Vulnerability in Oracle Database Server Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified Remote Integrity Vulnerability in Oracle Containers for J2EE in Oracle Fusion Middleware 10.1.3.5.0 Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE and JavaFX components Unspecified Remote Integrity Vulnerability in Oracle Java SE Components Unspecified vulnerability in Oracle Java SE and JavaFX components Confidentiality vulnerability in Oracle Java SE 7u40 and earlier, 6u60 
and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier related to 2D. Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Confidentiality vulnerability in Oracle Java SE and JRockit versions Unspecified vulnerability in Oracle SPARC Enterprise T4 Servers: Local user privilege escalation via Sun System Firmware/ILOM Unspecified 2D Vulnerability in Oracle Java SE Swing-related Unspecified Vulnerability in Oracle Java SE Remote Code Execution Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.12 and Earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u40 and Earlier Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, and Java SE Embedded 7u40 and earlier Confidentiality vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier related to BEANS Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 Unspecified Apache-related vulnerability in Oracle E-Business Suite 12.1 Unspecified Remote Availability Vulnerability in Oracle MySQL Server 5.6.12 and Earlier Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle Demantra Demand Management Component Unspecified Remote Code Execution Vulnerability in Siebel Core - EAI Component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Javadoc-related vulnerability in Oracle Java SE and JavaFX Unspecified Integrity Vulnerability in Oracle Identity Manager Component Unspecified Remote Integrity Vulnerability in Oracle Agile PLM Framework Confidentiality vulnerability in Oracle Java SE 7u40 and earlier and 
Java SE Embedded 7u40 and earlier related to JGSS Confidentiality vulnerability in Oracle Java SE related to 2D rendering Unspecified JAXP-related vulnerability in Oracle Java SE and JRockit Remote Code Execution Vulnerability in Oracle Java SE Unspecified Javadoc-related vulnerability in Oracle Java SE Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u40 and earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u40 and earlier Unspecified Replication Vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 Unspecified Confidentiality Vulnerability in Oracle iPlanet Web Proxy Server Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier Unspecified Confidentiality Vulnerability in Oracle Health Sciences InForm Component Unspecified vulnerability in Oracle Java SE allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. 
Unspecified vulnerability in Oracle WebCenter Content component in Oracle Fusion Middleware CORBA-related vulnerability in Oracle Java SE versions 5.0u51, 6u60, and 7u40 and earlier Unspecified Security Vulnerability in Oracle Identity Analytics Component Unspecified Remote Code Execution Vulnerability in Oracle GlassFish Server Component Unspecified JNDI-related vulnerability in Oracle Java SE versions 5.0u51, 6u60, and 7u40 and earlier Unspecified Integrity Vulnerability in Oracle Java SE Unspecified Integrity Vulnerability in Oracle Java SE Remote Code Execution Vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier via JAX-WS Unspecified RPC-related vulnerability in Oracle Solaris 8, 9, 10, and 11.1 Unspecified Remote Code Execution Vulnerability in Oracle iLearning Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, and Java SE Embedded 7u40 and earlier Unspecified vulnerability in Oracle Java SE allows remote attackers to affect availability via JAXP vectors Unspecified Remote Code Execution Vulnerability in Oracle Transportation Management Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified Remote Integrity Vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier Unspecified Libraries Vulnerability in Oracle Java SE Unspecified Remote Integrity Vulnerability in Oracle Java SE Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, and Java SE Embedded 7u40 and earlier Unspecified Filesystem Vulnerability in Oracle Solaris 8 and 9 Unspecified Local Vulnerability in Oracle Solaris 8 Affecting Confidentiality, Integrity, and Availability via Unknown Vectors Related to ps 
Unspecified vulnerability in Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified vulnerability in Oracle Health Sciences InForm component in Oracle Industry Applications Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier: Confidentiality, Integrity, and Availability Impact via Libraries Unspecified Remote Integrity Vulnerability in Oracle Solaris 10 via Oracle Java Web Console Confidentiality vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier related to Libraries Unspecified Confidentiality Vulnerability in Oracle PeopleSoft Products Unspecified Remote Code Execution Vulnerability in Oracle Java SE Unspecified 2D-related vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier Unspecified Remote Code Execution Vulnerability in Oracle Java SE and JavaFX Unspecified Remote Integrity Vulnerability in Oracle iLearning Component Unspecified vulnerability in Oracle Java SE and JavaFX allows remote attackers to affect confidentiality, integrity, and availability Unspecified Confidentiality Vulnerability in PeopleSoft Enterprise HRMS eCompensation Component Unspecified Remote Integrity Vulnerability in Oracle Java SE and JavaFX Confidentiality vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier related to AWT. Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier, allowing remote attackers to compromise confidentiality, integrity, and availability via unknown vectors related to Libraries. 
Confidentiality vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier related to JAXP Unspecified vulnerability in Oracle Java SE versions 7u40 and earlier, 6u60 and earlier, and Java SE Embedded 7u40 and earlier Unspecified Remote Code Execution Vulnerability in Oracle Database Server Unspecified Remote Confidentiality Vulnerability in Oracle Java SE and JavaFX Cross-Site Scripting (XSS) Vulnerability in Oracle Mojarra 2.2.x and 2.1.x Unspecified Web-related vulnerability in Oracle Health Sciences InForm component in Oracle Industry Applications Unspecified Web-related vulnerability in Oracle Health Sciences InForm component in Oracle Industry Applications Unspecified Integrity Vulnerability in Oracle Database Server Unspecified Confidentiality Vulnerability in Oracle Primavera Products Suite 8.0.6 and 8.5 Unspecified GIS-related vulnerability in Oracle MySQL Server 5.6.14 and earlier Remote Denial of Service Vulnerability in Oracle Solaris 11.1 via Kernel/KSSL Unspecified vulnerability in Oracle Solaris 10 and 11.1 related to CPU performance counters (CPC) drivers Remote Integrity Affecting Vulnerability in Oracle Solaris 11.1 via IPS Repository Daemon Unspecified USB Hub Driver Vulnerability in Oracle Solaris 10 and 11.1 Unspecified Local User Vulnerability in Oracle Solaris 11.1 Unspecified Local Privilege Escalation Vulnerability in Oracle Solaris 11.1 Kernel Unspecified Remote Code Execution Vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 Unspecified Confidentiality Vulnerability in Oracle AutoVue Electro-Mechanical Professional Component Unspecified Confidentiality Vulnerability in Oracle WebCenter Portal Component Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 Unspecified Confidentiality Vulnerability in Oracle AutoVue Electro-Mechanical Professional Component Local Denial of Service Vulnerability in Oracle Solaris 10 and 11.1 via Name Service Cache Daemon (NSCD) Unspecified Confidentiality 
Vulnerability in Oracle PeopleSoft Products Unspecified Confidentiality Vulnerability in Oracle E-Business Suite Unspecified RBAC-related vulnerability in Oracle Solaris 11.1 Unspecified Local Availability Vulnerability in Oracle Solaris 10 and 11.1 Unspecified Confidentiality Vulnerability in Oracle Demantra Demand Management Component Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to escape the sandbox Unspecified vulnerability in Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 Unspecified Confidentiality Vulnerability in Oracle Demantra Demand Management Component Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Remote Code Execution Vulnerability in MySQL Server Component Unspecified Local Vulnerability in Oracle Solaris 8 Affecting Kernel Integrity and Availability Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect confidentiality via CORBA vectors Unspecified Integrity Vulnerability in Oracle Solaris 11.1 Related to Audit Unspecified Remote Integrity Vulnerability in PeopleSoft Enterprise HRMS Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 with GNOME, impacting confidentiality, integrity, and availability via Deployment vectors Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified vulnerability in Oracle Payroll component in Oracle E-Business Suite Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified vulnerability in Oracle VM VirtualBox component Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7 Unspecified Remote Availability Vulnerability in MySQL Server Component Unspecified Confidentiality Vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to 
affect availability via CORBA vectors Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified Remote Confidentiality Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified Integrity Vulnerability in Oracle Identity Manager Component Unspecified Confidentiality Vulnerability in Oracle Identity Manager Component Unspecified Remote Code Execution Vulnerability in Oracle Java SE 6u65 and 7u45 Unspecified Remote Code Execution Vulnerability in Oracle Java SE 7u45 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 Unspecified vulnerability in Oracle Java SE and JRockit allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D Unspecified Remote Code Execution Vulnerability in MySQL Server Unspecified vulnerability in PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 Unspecified vulnerability in Oracle Java SE and OpenJDK allows remote attackers to affect integrity via unknown vectors related to Security Arbitrary Web Script Injection Vulnerability in Tenable SecurityCenter 4.6 through 4.7 Arbitrary Code Execution in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 Arbitrary web script injection vulnerability in OXID eShop before 4.6.7, 4.7.x before 4.7.8, and 5.x before 5.0.8 Buffer Overflow in ssl_read_record function in PolarSSL: Remote Code Execution Timing Side-Channel Attack on RSA-CRT Implementation in PolarSSL Arbitrary Web Script Injection Vulnerability in Bradesco Gateway Plugin for WordPress Arbitrary SQL Command Execution in NOSpam PTI Plugin 2.1 for WordPress Platinum SEO Plugin XSS Vulnerability Denial of Service Vulnerability in Suricata before 1.4.6 via Malformed SSL Record 
Arbitrary Web Script Injection Vulnerability in Real Estate PHP Script Arbitrary SQL Command Execution in Real Estate PHP Script's property_listings_detail.php Unspecified Vulnerability in Sophos UTM WebAdmin: Unknown Impact and Attack Vectors Stack-based Buffer Overflow in init_runit Socket on Android 2.3.7 Hardcoded Password Vulnerability in Open-Xchange AppSuite Unrestricted Network Interface Access Vulnerability in Hazelcast Cluster API Information Disclosure Vulnerability in Hazelcast Cluster API CSRF Vulnerability in Click2Sell Suite Module for Drupal Click2Sell Suite Module for Drupal 6.x-1.x Cross-Site Scripting (XSS) Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHPCMS Guestbook Module Arbitrary Code Execution via Unsafe Pickle Usage in Graphite 0.9.5-0.9.10 Unspecified Cross-Site Scripting (XSS) Vulnerabilities in Graphite before 0.9.11 Authentication Bypass Vulnerability in Siemens SCALANCE X-200 and X-200IRT Switches Multiple SQL Injection Vulnerabilities in D-Link DSR Series Routers Arbitrary Command Execution via Shell Metacharacters in D-Link DSR Routers Arbitrary Command Execution Vulnerability in ASUS RT-AC68U and RT Series Routers Multiple Cross-Site Scripting (XSS) Vulnerabilities in eXtplorer 2.1.3 Component for Joomla! Multiple Cross-Site Scripting (XSS) Vulnerabilities in Freichat Component for Joomla! Cross-Site Scripting (XSS) Vulnerabilities in Multi Calendar Component for Joomla! Cross-Site Request Forgery (CSRF) Vulnerabilities in OpenX 2.8.11 and Earlier: Remote Authentication Hijacking Arbitrary Web Script Injection Vulnerability in PBBooking Component for Joomla! Arbitrary Web Script Injection Vulnerability in Youtube Gallery Component for Joomla! 
Multiple SQL Injection Vulnerabilities in CiviCRM Denial of Service Vulnerability in Symfony Security Component Denial of Service Vulnerability in Blue Coat ProxySG Authenticated-Encryption Tampering Vulnerability in OWASP ESAPI for Java Arbitrary PHP Code Execution via Unrestricted File Upload in Lazy SEO Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in Complete Gallery Manager Plugin for WordPress Arbitrary Code Execution via Unrestricted File Upload in Simple Dropbox Upload Plugin for WordPress Arbitrary Script Injection in Flag Module Administration Page Information Disclosure Vulnerability in Node View Permissions Module for Drupal ZK Framework XSS Vulnerability Multiple SQL Injection Vulnerabilities in AlienVault OSSIM 4.3 and Earlier Arbitrary Script Injection Vulnerability in CA SiteMinder Denial of Service Vulnerability in VMware ESXi and ESX Session Fixation Vulnerability in vSphere Web Client Server Allows Remote Session Hijacking Privilege Escalation via Shared Libraries in VMware Workstation and Player on Linux Arbitrary File Read/Write Vulnerability in VMware ESXi and ESX Clickjacking Vulnerability in F5 BIG-IP APM 11.1.0 through 11.2.1 Arbitrary Web Script Injection Vulnerability in F5 BIG-IP APM Logout Page CSRF Vulnerability in Cart66 Lite Plugin for WordPress Cross-Site Scripting (XSS) Vulnerabilities in Cart66 Lite Plugin for WordPress Directory Traversal Vulnerability in Spring Signage Xibo 1.2.x and 1.4.x Multiple Cross-Site Scripting (XSS) Vulnerabilities in GuppY before 4.6.28 Arbitrary File Deletion Vulnerability in Microweber before 0.830 Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 Unspecified privilege escalation vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 Cross-site Scripting (XSS) Vulnerability in All in One SEO Pack Plugin for WordPress Remote Code Execution Vulnerability in JustSystems Ichitaro Software Sensitive Information 
Disclosure in LOCKON EC-CUBE 2.11.0 through 2.11.5 Arbitrary Script Injection in LOCKON EC-CUBE 2.11.0 through 2.11.5 CSRF Vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 Allows Remote Authentication Hijacking Sensitive Information Disclosure in LOCKON EC-CUBE 2.11.2 through 2.13.0 Sensitive Information Disclosure in LOCKON EC-CUBE 2.12.3 through 2.13.0 Cross-Site Scripting (XSS) Vulnerabilities in LOCKON EC-CUBE Shopping/Payment Components Unspecified Denial of Service Vulnerability in D-Link Japan DES-3800 SSH Implementation Unspecified Denial of Service Vulnerability in D-Link Japan DES-3800 Web Manager Unverified X.509 Certificates in Kingsoft KDrive Personal on Windows Arbitrary File Read Vulnerability in Tattyan HP TOWN before 5_10_1 SQL Injection Vulnerability in Cybozu Garoon Space Function Denial of Service Vulnerability in Cybozu Garoon Server CRLF Injection Vulnerability in Cybozu Garoon 3.1 through 3.5 SP5 Session Fixation Vulnerability in Cybozu Garoon before 3.7.2: Remote Session Hijacking Arbitrary Script Injection via Cancel Button in Cybozu Dezie before 8.1.0 Bypassing Keitai Authentication in Cybozu Garoon 3.5 through 3.7 SP2 CRLF Injection Vulnerability in Open-Xchange AppSuite before 7.2.2 Arbitrary Script Injection in Comment Attachment Plugin for WordPress Denial of Service Vulnerability in Citrix NetScaler ADC 10.0 Authentication Bypass Vulnerability in Juniper Junos 12.1X44 and 12.1X45 Buffer Overflow Vulnerability in Juniper Junos Flow Daemon (flowd) Juniper Junos Proxy ARP Vulnerability Denial of Service Vulnerability in Juniper Junos TCP Connection State Change Vulnerability in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, WOM, Analytics, PSM, and WebAccelerator Atmail Webmail Server XSS Vulnerability CSRF Vulnerability in Tyler Technologies TaxWeb 3.13.3.1 Allows Password Hijacking Arbitrary Web Script Injection in Tyler Technologies TaxWeb 3.13.3.1 Account Enumeration Vulnerability in Tyler Technologies TaxWeb 
3.13.3.1 Buffer Overflow in WGagent: Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Tiki Wiki CMS Groupware 11.0 via paraZeroClipboard.swf TVT TD-2308SS-B DVR Firmware 3.2.0.P-3520A-00 Directory Traversal Vulnerability Information Disclosure Vulnerability in F5 BIG-IP APM, BIG-IP Edge Gateway, and FirePass XML External Entity (XXE) vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 Remote Authentication Bypass and Settings Modification Vulnerability in Multiple Router Models Stack-based Buffer Overflow in D-Link DIR-100 Routers' RuntimeDiagnosticPing Function CSRF Vulnerabilities in Atmail Webmail Server before 7.2 Allow Remote Authentication Hijacking AT&T Connect Participant Application Buffer Overflow Vulnerability Directory Traversal Vulnerability on Emerson Network Power Avocent MergePoint Unity 2016 KVM Switch with Firmware 1.9.16473 Unauthenticated Access to API Pages in Huawei E355 Adapter Firmware 21.157.37.01.910 Vulnerability: Password Bypass in Lexmark Printers Multiple Cross-Site Scripting (XSS) Vulnerabilities on Lexmark Printers Hardcoded Credentials Vulnerability in Satellite Terminals Unauthenticated Remote Code Execution in Satellite Terminals Aker Secure Mail Gateway 2.5.2 XSS Vulnerability in index.php Arbitrary Code Execution Vulnerability in Trimble SketchUp Viewer 13.0.4124 Multiple Cross-Site Scripting (XSS) Vulnerabilities in NagiosQL 3.2 SP2 Arbitrary Code Execution Vulnerabilities in MW6 Aztec, DataMatrix, and MaxiCode ActiveX Controls Arbitrary Command Execution via SOFTCookies sid Cookie in Softaculous Webuzo Arbitrary Code Injection via User Parameter in Softaculous Webuzo File Manager Module User Enumeration Vulnerability in Softaculous Webuzo Login Function Cross-Site Scripting (XSS) Vulnerability in Django's is_safe_url Function Heap-based Buffer Overflow Vulnerabilities in OpenJPEG 1.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in ikiwiki-hosting Site 
Creation Interface Denial of Service Vulnerability in Munin's get_group_tree Function Insecure Temporary File Creation in apt-listbugs before 0.1.10 Integer Overflow in Links 2.8: Remote Denial of Service via Crafted HTML Tables Denial of Service Vulnerability in Quagga 0.99.21 via Crafted BGP Update Heap-based Out-of-Bounds Read Vulnerability in OpenJPEG 1.3 and Earlier Heap-based Out-of-Bounds Read Vulnerability in OpenJPEG 1.5.1 Heap-based Buffer Overflow in OpenJPEG 1.3 with Remote Vectors (Unspecified Impact) Path Traversal Vulnerability in OSSIM before 4.3.3.1 in tele_compress.php SQL Injection Vulnerability in appRain CMF 3.0.2 and Earlier: Remote Code Execution via PATH_INFO Arbitrary Web Script Injection via SVG File in Open-Xchange (OX) AppSuite Denial of Service and Impersonation Vulnerability in strongSwan's compare_dn Function Denial of Service Vulnerability in strongSwan 5.0.2 through 5.1.0 via Crafted IKEv1 Fragmentation Packet Policy Rule Permissions Bypass in Citrix XenDesktop 7.0 Default Configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 Vulnerability Buffer Overflow Vulnerability in MostGear Soft Easy LAN Folder Share 3.2.0.100 Unspecified Cross-Site Scripting (XSS) Vulnerability in mod_pagespeed module for Apache HTTP Server Integer Overflow in OZDocument::parseElement Function in Apple Motion 5.0.7 Dahua DVR Authentication Bypass and Sensitive Information Disclosure Vulnerability Improper Synchronization in Goodix gt915 Touchscreen Driver Allows Access Restriction Bypass and Memory Corruption Multiple array index errors in MSM camera driver allow privilege escalation through camera device-node access Symlink Attack Vulnerability in Qualcomm Innovation Center (QuIC) Init Scripts Arbitrary File Creation and Execution Vulnerability in SUPERGRIDLib.SuperGrid ActiveX Control Arbitrary File Creation and Execution Vulnerability in KCHARTXYLib.KChartXY ActiveX Control vBulletin 4.1 and 5 Remote Code Execution 
Vulnerability Arbitrary File Read Vulnerability in op5 Monitor before 6.1.3 Denial of Service Vulnerability in Schneider Electric ClearSCADA and SCADA Expert ClearSCADA Denial of Service Vulnerability in Schneider Electric Telvent SAGE 3030 RTU Arbitrary Web Script Injection in Code-Crafters Ability Mail Server 3.1.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 Arbitrary SQL Command Execution in Project'Or RIA 3.4.0 via objectId Parameter Cookie Header Validation Vulnerability in Google Chrome Persistent Logout CSRF Vulnerability in Mozilla Firefox Zikula Application Framework XSS Vulnerability in index.php Vulnerability: Weak SSL Ciphers and SSLv2 Support in ejabberd TLS Driver Denial of Service Vulnerability in Juniper Junos NGEN MVPN Environment Local Privilege Escalation in Dovecot 2.2.7 and earlier versions Arbitrary Code Execution and File Manipulation Vulnerability in Roundcube Webmail Cross-Site Request Forgery (CSRF) Vulnerabilities in EMC Document Sciences xPression Open Redirect Vulnerabilities in EMC Document Sciences xPression Multiple Cross-Site Scripting (XSS) Vulnerabilities in EMC Document Sciences xPression SQL Injection Vulnerabilities in EMC Document Sciences xPression Arbitrary File Read Vulnerability in EMC Document Sciences xPression Arbitrary Web Script Injection in EMC RSA Archer GRC 5.x before 5.4 SP1 Unauthenticated Remote Access Vulnerability in EMC RSA Security Analytics and RSA NetWitness NextGen Cleartext Storage of Polled-Device Passwords in EMC Watch4Net Installation Repository Unquoted Windows Search Path Privilege Escalation Vulnerability in EMC Replication Manager CSRF Vulnerability in HP System Management Homepage (SMH) 7.1 through 7.2.2 Unspecified Remote Code Execution Vulnerability in HP Application Information Optimizer Arbitrary Web Script Injection Vulnerability in HP Operations Orchestration CSRF Vulnerability in HP Operations Orchestration before 9 Unspecified 
Denial of Service Vulnerability on Multiple HP LaserJet Printers Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X (ZDI-CAN-1905) Unspecified Remote Code Execution Vulnerability in HP Storage Data Protector 6.2X HP Autonomy Ultraseek 5 Cross-Site Scripting (XSS) Vulnerability Unspecified Remote Code Execution Vulnerability in HP Service Manager WebTier and Windows Client Arbitrary Web Script Injection Vulnerability in HP Service Manager WebTier and Windows Client Unspecified Local Information Disclosure and Data Modification Vulnerability in HP-UX m4 Unspecified Remote Code Execution Vulnerability in HP Security Management System CSRF Vulnerabilities in HP Service Manager 9.30-9.33: Authentication Hijacking and Code Execution Remote Code Execution and Information Disclosure Vulnerability in HP Application Information Optimizer Web Console (ZDI-CAN-1656) Remote Code Execution and Information Disclosure Vulnerability in HP Application Information Optimizer Web Console Unspecified Local Vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment Unspecified Remote Vulnerability in HP Rapid Deployment Pack (RDP) and Insight Control Server Deployment Arbitrary File Read and Denial of Service Vulnerability in HP SiteScope SOAP Implementation (ZDI-CAN-2084) Unspecified Privilege Escalation Vulnerability in HP Smart Update Manager 5.3.5 Unspecified Denial of Service Vulnerability in HP-UX NFS Subsystem Unspecified Remote Code Execution Vulnerability in HP Unified Functional Testing (ZDI-CAN-1932) Unspecified Remote Information Disclosure and Denial of Service Vulnerability in HP StoreOnce Appliances Unspecified Information Disclosure Vulnerability in HP Database and Middleware Automation Unspecified Remote Code Execution Vulnerability in HP LoadRunner Unspecified Remote Information Disclosure Vulnerability in HP Universal Configuration Management Database Integration Service (ZDI-CAN-2042) Unspecified Remote Code 
Execution Vulnerability in HP Universal Configuration Management Database Integration Service (ZDI-CAN-1977) Privilege Escalation Vulnerability in HP Array Configuration Utility and Related Tools Unspecified Remote Code Execution Vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x Unspecified Local Access Bypass Vulnerability in HP-UX Whitelisting Arbitrary Web Script Injection Vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 Arbitrary File Creation and Code Execution Vulnerability in HP Service Virtualization Arbitrary Web Script Injection Vulnerability in HP Service Manager (SM) 7.21 and 9.x before 9.34 Base64 Encoded Admin Credentials Stored in 1click File Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in LiveZilla before 5.1.1.0 Critical Remote Code Execution Vulnerability in LiveZilla 5.0.1.4 Directory Traversal Vulnerability in Zoho Plugin in Pydio (formerly AjaXplorer) Arbitrary Code Execution via Unrestricted File Upload in Zoho Plugin for Pydio Multiple Cross-Site Scripting (XSS) Vulnerabilities in Atmail Webmail Server 7.0.2 Misinterpretation of Netmask in Winsock WSAIoctl API Allows IP Address Restriction Bypass Privilege Escalation in SpagoBI AdapterHTTP Script (Pre-4.1) SpagoBI 4.1 XSS Vulnerability in Document Note Execution Page SpagoBI 4.1 XSS Vulnerability in Short Document Metadata Description Field XSS File Upload Vulnerability in SpagoBI Worksheet Designer Cross-Site Scripting (XSS) Vulnerabilities in JAMon 2.7 and Earlier IZON IP 2.0.2: Critical Hard-Coded Password Vulnerability Clipboard Information Disclosure Vulnerability Arbitrary Script Injection in Exis Contexis Photo Gallery Model SQL Injection Vulnerability in Open-Xchange (OX) AppSuite Birthday Widget Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 6.22.3 and 6.22.4 Arbitrary SQL Command Execution Vulnerability in Landing Pages Plugin for WordPress XML External Entity (XXE) vulnerability in Live Update 
webdynpro application in SAP NetWeaver 7.31 and earlier Remote Code Execution Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Bypassing CAPTCHA Protections in Dell Quest One Password Manager Multiple Cross-Site Scripting (XSS) Vulnerabilities in Claroline before 1.11.9 Android Vulnerability: Bypassing Device Locks via Crafted Application Arbitrary Phone Call and Code Execution Vulnerability in Android CSRF Vulnerabilities in Horde Groupware Webmail Edition 5.1.2 and Earlier Hardcoded Entries in Authorized_Keys Files in Legacy QNAP Models Hardcoded RSA Private Keys in QNAP VioCard 300 Arbitrary Code Injection through Social Sharing Toolkit Plugin in WordPress Arbitrary Code Injection through XSS Vulnerability in dhtmlxSpreadsheet Plugin for WordPress Memory Corruption Vulnerability in Linux Kernel on ARM Platforms Remote Code Execution and Denial of Service Vulnerability in VideoLAN VLC Media Player Code Injection Vulnerability in SAP ERP Central Component (ECC) Financial Services Module Information Disclosure Vulnerability in Treasurer Application of Tyler Technologies TaxWeb 3.13.3.1 Insecure Unserialize Vulnerability in Apache Solr for TYPO3 Extension Arbitrary Web Script Injection in Apache Solr for TYPO3 Extension Privilege Escalation Vulnerability in PrestaShop 1.5.5 via Salesman Account and Upload Module Arbitrary web script injection vulnerability in IBM Algo One Arbitrary web script injection vulnerability in IBM Algo One Arbitrary web script injection vulnerability in IBM Algo One SQL Injection Vulnerability in IBM Algo One and Related Tools IBM Algo One Directory Traversal Vulnerability Directory Traversal Vulnerabilities in IBM Algo One (ARA) 2.4.0.1 - 4.9.1 Credentials Encryption Key Reuse in IBM Platform Symphony 5.2 and 6.1.0.1 Unspecified Local Privilege Escalation Vulnerability on IBM Power 7 Systems IBM Security QRadar SIEM 7.0 Cross-Site Scripting (XSS) Vulnerability Phishing Vulnerability in IBM Marketing Platform 9.1 before FP2 
Session Hijacking Vulnerability in IBM Marketing Platform 9.1 before FP2 IBM Marketing Platform 9.1 XSS Vulnerability IBM Marketing Platform 9.1 SQL Injection Vulnerability Arbitrary File Read Vulnerability in IBM Rational Service Tester and Rational Performance Tester Arbitrary Web Script Injection Vulnerability in IBM InfoSphere Enterprise Records Clickjacking Vulnerability in IBM InfoSphere Enterprise Records Information Disclosure Vulnerability in IBM WebSphere Portal Arbitrary Web Script Injection Vulnerability in IBM Algo One Bypassing Access Restrictions in IBM Algo One and AlgoWebApps Arbitrary web script injection vulnerability in IBM Algo One SQL Injection Vulnerability in IBM Atlas Suite Arbitrary Web Script Injection Vulnerability in IBM Sterling Order Management Arbitrary Web Script Injection Vulnerability in IBM WebSphere Application Server Denial of Service Vulnerability in IBM WebSphere Application Server Cross-site scripting (XSS) vulnerability in IBM Sterling Connect:Enterprise before 1.4.0.0 iFix 1 Arbitrary web script injection vulnerability in IBM WebSphere Portal Denial of Service Vulnerability in IBM Global Security Kit (GSKit) Information Disclosure Vulnerability in IBM WebSphere Application Server 7.x SQL Injection Vulnerability in IBM Algo One and Related Tools Arbitrary Code Execution via Unrestricted File Upload in IBM Algo One UDS 4.7.0 - 5.0.0 Arbitrary web script injection vulnerability in IBM Algo One Session Validation Bypass in IBM Atlas Suite File Permissions Bypass Vulnerability in IBM Tivoli Storage Manager (TSM) Denial of Service Vulnerability in Wireshark IEEE 802.15.4 Dissector Denial of Service Vulnerability in Wireshark NBAP Dissector Denial of Service Vulnerability in Wireshark SIP Dissector Denial of Service Vulnerability in OpenWire Dissector in Wireshark TCP Dissector Denial of Service Vulnerability Dokeos 2.2 RC2 and Earlier SQL Injection Vulnerability Arbitrary Script Injection in Tweet Blender Plugin for WordPress 
Remote Code Execution Vulnerability in ASUS RT-N56U and RT-AC66U Routers Cross-Frame Scripting Vulnerability in Novell ZENworks Configuration Management (ZCM) Unspecified Application Exception Vulnerability in Novell ZENworks Configuration Management (ZCM) CSRF Vulnerability in Novell ZENworks Configuration Management (ZCM) Allows Authentication Hijacking Session Fixation Vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 Cross-Site Scripting (XSS) Vulnerabilities in Apache Struts 2.3.15.3 Arbitrary Command Execution Vulnerability in McAfee Email Gateway (MEG) 7.0 and 7.5 Apache Tomcat Manager Application Cross-Site Request Forgery (CSRF) Vulnerability Arbitrary Code Execution via Crafted Profile Upload in PrestaShop 1.5.5 Denial of Service Vulnerability in Munin::Master::Node Critical Security Vulnerability: Backdoor Exploitation in TRENDnet TS-S402 Enables Unauthorized TELNET Access Hardcoded FTP and Shell User Accounts in Xerox ColorCube and WorkCenter Devices (2013) CSRF and XSS Vulnerability in Horde Groupware Webmail Edition's Search-to-Address Book Feature CSRF Vulnerability in Horde Groupware Web Mail 5.1.2 Allows Unauthorized Permission Changes Remote Code Execution Vulnerability in VMware Hyperic HQ 4.6.6 Groovy Script Console Denial of Service Vulnerability in KVM Subsystem through TMICT Value Modification Vulnerability in Linux Kernel's KVM Subsystem Allows Privilege Escalation and Denial of Service Stack-based Buffer Overflow in JBIG-KIT Allows Remote Code Execution Buffer Overflow in json-c printbuf APIs Denial of Service Vulnerability in JSON-C Hash Functionality Insecure Storage of Credentials in Subversion Plugin for Jenkins Inadequate Resource Lock Access Control in Jenkins Exclusion Plugin Build Failure Analyzer Plugin XSS Vulnerability Improper TLB Flush in Xen 4.2.x and 4.3.x with Intel VT-d for PCI Passthrough Vulnerability Denial of Service Vulnerability in KVM Subsystem Allows Host OS Crash via Crafted ICR Write 
Operation in x2APIC Mode Denial of Service Vulnerability in lbs_debugfs_write Function Denial of Service Vulnerability in Linux Kernel's aac_send_raw_srb Function Buffer Overflow in qeth_snmp_command Function in Linux Kernel Buffer underflows in XFS implementation in Linux kernel through 3.12.1 allow local users to cause denial of service or other impact via crafted ioctl calls Linux Kernel Vulnerability: Bypassing Access Restrictions via Crafted ioctl Call in aac_compat_ioctl Function Sensitive Information Disclosure in OpenStack Ceilometer Logging CSRF Validation Bypass in Drupal Form API Predictable Seed Vulnerability in Drupal 6.x and 7.x Arbitrary Script Injection in Drupal 7.x Image Module Arbitrary Script Injection Vulnerability in Drupal 7.x Color Module Open Redirect Vulnerability in Drupal 7.x Overlay Module Trust-Scoped Token Privilege Escalation in OpenStack Identity (Keystone) Information Disclosure Vulnerability in Genlock Driver for Linux Kernel 3.x Heap-based Buffer Overflow in LibYAML's yaml_parser_scan_tag_uri Function Insecure Initialization Vector in Percona XtraBackup Arbitrary Script Injection in Ganglia Web 3.5.8 and 3.5.10 via host_regex Parameter Unverified SSL Certificates in OpenStack Python Client Library for Swift Directory Traversal Vulnerability in Apache Solr ResourceLoader Virtual Router Firewall Rule Bypass Vulnerability Remote Code Execution Vulnerability in QEMU's virtio_load Function Denial of Service and Privilege Escalation Vulnerability in Xen 4.2.x and 4.3.x with Intel VT-d and PCI Device Assignment Denial of Service Vulnerability in Jansson JSON Library Arbitrary File Overwrite Vulnerability in HP Linux Imaging and Printing (HPLIP) Bypassing Access Restrictions in ownCloud Admin Page (CVE-XXXX-XXXX) Improper User ID Verification in Quassel Core Allows Unauthorized Access to Backlogs XML External Entity (XXE) Vulnerability in Apache Solr UpdateRequestHandler XML External Entity (XXE) Vulnerability in Apache Solr Privilege 
Escalation via TIOCSTI ioctl in Debian adequate before 0.8.1 IP Address Bypass Vulnerability in nbd-server Denial of Service Vulnerability in OpenTTD's HandleCrashedAircraft Function World-writable permissions vulnerability in Augeas transform_save function UnrealIRCd 3.2.10 Use-After-Free Denial of Service Vulnerability Denial of Service Vulnerability in Action View in Ruby on Rails Arbitrary Script Injection in Ruby on Rails number_to_currency Helper Arbitrary web script injection vulnerability in Ruby on Rails 4.x before 4.0.2 Incomplete Fix for Parameter Handling Vulnerability in Ruby on Rails X.509 Certificate Validation Vulnerability in PyWBEM 0.7 and Earlier Instance ID Spoofing Vulnerability in OpenStack Nova and Neutron Memory Corruption Vulnerability in PHP's asn1_time_to_time_t Function Arbitrary Command Execution Vulnerability in sprout gem's unpack_zip Function GnuTLS Backend in libcurl: Disabling Host Name Verification Vulnerability Integer Underflow in xTrapezoidValid Macro in X.Org Integer Underflow Vulnerability in Pixman Library OpenStack Heat API Policy Bypass Vulnerability Arbitrary Code Execution Vulnerability in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 Bypassing Tenant Scoping Restrictions in OpenStack Orchestration API (Heat) XML External Entity (XXE) Vulnerability in Spring MVC Cross-Site Scripting (XSS) Vulnerability in Spring MVC's JavaScriptUtils.javaScriptEscape Method IPv6 SIOCADDRT ioctl Call Denial of Service Vulnerability NULL pointer dereference and system crash vulnerability in Linux kernel's ping_recvmsg function Privilege Escalation via Crafted Configuration File in Red Hat openstack-neutron Package Insecure Connection Vulnerability in Red Hat Enterprise Virtualization Manager (RHEV-M) SPICE Client Arbitrary Code Execution via Race Condition in RPM File Installation NULL pointer dereference and libvirtd crash vulnerability in lxcDomainGetMemoryParameters method Denial of Service Vulnerability in OpenStack Compute 
(Nova) and Icehouse Improper CDATA Handling in Apache HTTP Server Allows for Denial of Service Weak Authentication Scheme in Candlepin: Unspecified Impact and Attack Vectors XML External Entity (XXE) Vulnerability in Shibboleth OpenSAML-Java Privilege Escalation via LXC-SSHD Template in LXC ACL Removal Vulnerability in Samba 4.0.x and 4.1.x Cross-Site Request Forgery (CSRF) Vulnerability in CloudForms 3.0 Management Engine SSL Server Spoofing Vulnerability in PyWBEM 0.7 and Earlier Weak Password Hashing in Cumin (MRG Management Console) Job Information Disclosure Vulnerability in Cloudera CDH JobHistory Server Multiple XML External Entity (XXE) Vulnerabilities in JBoss Seam Remoting Arbitrary Class and Method Information Disclosure in JBoss Seam Remoting Incorrect Version Number Retrieval in OpenSSL's ssl_get_algorithm2 Function DTLS Retransmission Implementation Vulnerability in OpenSSL Arbitrary Web Script Injection Vulnerability in MediaWiki MediaWiki Cross-Site Scripting (XSS) Vulnerability via Crafted XSL in SVG File Unsanitized SVG File Vulnerability in MediaWiki Arbitrary Web Script Injection Vulnerability in MediaWiki Information Disclosure Vulnerability in CentralAuth Extension for MediaWiki Symlink Attacks and Arbitrary Device Manipulation Vulnerabilities in libvirt LXC Driver Improper Initialization in libxlDomainGetNumaParameters Function in libvirt Race conditions in libvirt functions leading to denial of service via virDomainDetachDeviceFlags Arbitrary Script Injection in will_paginate Gem Infinite Loop Denial of Service Vulnerability in Nokogiri Gem 1.5.x XML Entity DoS Vulnerability in Nokogiri Gem 1.5.x and 1.6.x Stack-based Buffer Overflow in libXfont's bdfReadCharacters Function Cross-Site Scripting (XSS) Vulnerabilities in JBPM KIE Workbench 6.0.x Denial of Service Vulnerability in Openswan 2.6.39 and Earlier Denial of Service Vulnerability in Libreswan 3.7 and Earlier Arbitrary Code Execution in JBoss Drools, Red Hat JBoss BRMS, and Red Hat 
JBoss BPM Suite Arbitrary Code Execution Vulnerability in JBoss Overlord Run Time Governance (RTGov) 1.0 Default Configuration Disables Authentication for Qpid in OpenStack-Foreman-Installer Information Disclosure Vulnerability in MediaWiki Heap-based Buffer Overflow in urftopdf filter in cups-filters Remote Code Execution Vulnerability in CUPS and cups-filters via Crafted PDF File Arbitrary Code Execution via Crafted PDF File in CUPS and cups-filters Local Privilege Escalation via Trojan Horse Driver in CUPS and cups-filters Denial of Service Vulnerability in Pidgin's libpurple with Crafted XMPP Message Denial of Service Vulnerability in Pidgin's gtkimhtml.c Memory Allocation Vulnerability in libpurple in Pidgin Unsecured Destroy DigitalOcean API in Libcloud 0.12.3 - 0.13.2 Buffer Over-read Vulnerability in Pidgin's Yahoo! Protocol Handling Remote Denial of Service Vulnerability in Pidgin 2.10.8 XMPP Protocol Plugin Spoofing and Denial of Service Vulnerability Denial of Service Vulnerability in libpurple STUN Protocol Implementation Buffer Overflow Vulnerability in libpurple in Pidgin Arbitrary Program Execution via Improper Handling of File: URL in Pidgin (CVE-2011-3185 Incomplete Fix) Buffer overflow vulnerability in Pidgin's Gadu-Gadu (gg) parser in libpurple/protocols/gg/lib/http.c allows remote attackers to trigger an unspecified impact via a large Content-Length value Integer Signedness Error in MXit Functionality in Pidgin Allows for Remote Denial of Service Buffer Overflow Vulnerability in Pidgin's SIMPLE Protocol Implementation Insecure SSL Connection Vulnerability in python-qpid Client Authentication Bypass and Configuration Modification Vulnerability in Piranha Configuration Tool Predictable Temporary Socket File Name Vulnerability Static Temporary Directory Name Vulnerability in fedup 0.9.0 Reflected XSS Vulnerability in JBossWeb Bayeux Information Disclosure Vulnerability in Red Hat Conga 0.12.2 Remote Denial of Service Vulnerability in ClamAV before 
0.98.5 WSDL Injection Vulnerability in PHP through 5.6.7 Privilege Escalation in Salt Master (SaltStack) 0.11.0 - 0.17.0 Arbitrary Command Execution in Juniper Junos J-Web Use-after-free vulnerability in Google Chrome before 31.0.1650.48 related to x-webkit-speech attribute in a text INPUT element. HTMLMediaElement Use-After-Free Vulnerability in Blink Out-of-Bounds Read Vulnerability in SVG Implementation in Google Chrome Use-after-free vulnerability in Google Chrome before 31.0.1650.48 involving string values of id attributes Use-after-free vulnerability in Blink's ContainerNode.cpp allows remote attackers to cause denial of service or other impact Address bar spoofing vulnerability in Google Chrome before version 31.0.1650.48 Out-of-Bounds Read Vulnerability in Google Chrome HTTP Stream Parser TLS Renegotiation Vulnerability in Google Chrome Uninitialized Memory Disclosure in libjpeg and libjpeg-turbo Uninitialized Memory Disclosure in libjpeg-turbo Use-after-free vulnerability in Channel::SendRTCPPacket function in libjingle in WebRTC Integer Overflow Vulnerability in Google Chrome Improper URL Validation in OneClickSigninHelper Allows Session Fixation Attacks in Google Chrome Blink Use-After-Free Vulnerability in Google Chrome Address Bar Spoofing Vulnerability in Blink Unspecified Vulnerabilities in Google Chrome before 31.0.1650.63 Multiple buffer overflows in Google V8 before 3.22.24.7, allowing remote attackers to cause a denial of service or possibly have unspecified other impact via large typed arrays. 
Out-of-bounds Write Vulnerability in Google V8 Out-of-bounds read vulnerability in DehoistArrayIndex function in Google V8 Use-after-free vulnerability in FormAssociatedElement::formRemovedFromTree function in Blink Address Bar Spoofing Vulnerability in Google Chrome for Android Improper Handling of Untrusted Signin Confirm Dialog in Google Chrome Unspecified Vulnerabilities in Google Chrome Prior to 32.0.1700.76 Use-after-free vulnerability in Google Chrome allows remote attackers to cause denial of service or unspecified impact via certain print-preview and tab-switch actions. Web Workers Use-After-Free Vulnerability in Google Chrome Chrome Vulnerability: Use-After-Free in AnimationController::endAnimationUpdate SkRegion::setPath Denial of Service Vulnerability Use-after-free vulnerability in RenderSVGImage::paint function in Blink Memory Corruption Vulnerability in Google V8 Directory Traversal Vulnerability in Google Chrome Sandbox on Windows Use-after-free vulnerability in Google Chrome web contents implementation allows for denial of service or potential impact via conflicting access to color chooser Denial of Service and Type Confusion Vulnerability in SVGAnimateElement::calculateAnimatedValue Function Blink Use-After-Free Vulnerability in Google Chrome XSS Auditor in Blink Allows Information Disclosure via POST Requests XSS Auditor in Blink Allows Same Origin Policy Bypass in Google Chrome Use-after-free vulnerabilities in Blink layout implementation in Google Chrome before 33.0.1750.117 Insecure TLS Renegotiation Vulnerability in Google Chrome Information Disclosure Vulnerability in Google Chrome Drag-and-Drop Implementation Unspecified Vulnerabilities Allowing Sandbox Bypass in Google Chrome Google Chrome's Pre-Validation TLS Session Caching Vulnerability SVGImage::setContainerSize Use-After-Free Vulnerability in Blink Use-after-free vulnerability in FormAssociatedElement::formRemovedFromTree function in Blink Heap-based buffer overflow in Google Chrome's 
ResourceProvider::InitializeSoftware function CORS Bypass Vulnerability in Google Chrome's PepperFlashRendererHost::OnNavigate Function Unspecified Vulnerabilities in Google Chrome before 33.0.1750.146 Unspecified Vulnerabilities in Google V8 and Google Chrome Arbitrary Code Execution Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey Clipboard Data Leakage through Middle-Click Paste Operations in Mozilla Firefox and SeaMonkey on Linux Failure to Recognize User's Removal of Trust from EV X.509 Certificate in Mozilla Firefox, Thunderbird, and SeaMonkey Arbitrary Script Injection via Data URL in Mozilla Thunderbird and SeaMonkey Information Disclosure Vulnerability in Tube Map Live Underground for Android (before 3.0.22) Denial of Service Vulnerability in Cisco ASA Software (CSCui33299) Cisco NX-OS IPv6 Neighbor-Table Adjacency Handling Denial of Service Vulnerability Improper Validation of Configuration Parameters in Cisco Wireless LAN Controller (WLC) Devices: Denial of Service Vulnerability Weak Permissions in Cisco Unified IP Phones Firmware: Privilege Escalation Vulnerability (Bug ID CSCui04382) Denial of Service Vulnerability in Cisco IOS SSL VPN Implementation Cleartext Administrative Password Disclosure in Cisco WebEx Meetings Server Directory Traversal Vulnerability in Cisco Unified Communications Manager (CUCM) ELM Component (CSCui58222) Arbitrary File Access Vulnerability in Cisco Unified Communications Manager (Unified CM) 9.1(1) and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Cisco Prime Collaboration Web Interface Denial of Service Vulnerability in Cisco ASA WebVPN CIFS Implementation (CSCuj83344) Denial of Service Vulnerability in Cisco IOS XE 3.8S(.2) and Earlier Denial of Service Vulnerability in Cisco IOS 7600 Routers with MLDP Implementation Denial of Service Vulnerability in Cisco IOS IPSec Implementation (Bug ID CSCul29918) Privilege Escalation Vulnerability in Cisco Secure Access Control System (ACS) Denial of 
Service Vulnerability in Cisco ASA Software (Bug ID CSCuj28861) Cross-Frame Scripting Vulnerability in Cisco Wireless LAN Controller (WLC) Devices Denial of Service Vulnerability in Cisco Wireless LAN Controller Devices (Bug ID CSCuh81880) Denial of Service Vulnerability in Cisco IOS XR SNMP Module (Bug ID CSCuh43144) Denial of Service Vulnerability in Cisco ONS 15454 Devices (Bug ID CSCud97155) Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards (Bug ID CSCtz50902) Denial of Service Vulnerability in Cisco ONS 15454 Controller Cards Memory Consumption Denial of Service Vulnerability in Cisco IOS XE TFTP Handling Denial of Service Vulnerability in Cisco IOS and IOS XE IP Device Tracking (IPDT) Feature (CSCuh38133) Denial of Service Vulnerability in Cisco IOS XE (Bug ID CSCuj23992) Memory Leak Vulnerability in Cisco ASA Software 9.1(.3) and Earlier File Disclosure Vulnerability in Cisco Cloud Portal 9.4 (Bug IDs CSCuj08426 and CSCui60889) WebEx Training Center Registration Component URL Bypass Vulnerability CSRF Vulnerability in Cisco WebEx Training Center (Bug ID CSCul25567) Cisco WebEx Sales Center Cross-Site Scripting (XSS) Vulnerability (Bug ID CSCul25540) Heap-based Buffer Over-read Vulnerability in PHP's DateInterval Object Creation Authorization Bypass and Denial of Service Vulnerability in IBM Tivoli Storage Manager for Virtual Environments Authorization Bypass and Data Exposure in IBM Tivoli Storage FlashCopy Manager Denial of Service Vulnerability in IBM DB2 and DB2 Connect Account Information Disclosure Vulnerability in IBM BladeCenter Advanced Management Module (AMM) Firmware 3.64B, 3.64C, and 3.64G Arbitrary Command Execution in IBM Tealeaf CX 7.x-8.8 Directory Traversal Vulnerability in IBM Tealeaf CX's Passive Capture Application (PCA) Web Console Arbitrary Web Script Injection Vulnerability in IBM WebSphere Service Registry and Repository (WSRR) Unrestricted File Upload Vulnerability in IBM WebSphere Portal Information Disclosure 
Vulnerability in IBM WebSphere Portal 8.0.0.1 before CF09 Arbitrary Code Execution Vulnerability in IBM SPSS SamplePower 3.0.1 Arbitrary Script Injection in IBM WebSphere Application Server Administrative Console Cross-Site Scripting (XSS) Vulnerabilities in IBM TRIRIGA Application Platform 3.2.x and 3.3.x Unsigned Java Plugin Vulnerability in IBM Sametime Connect Client Insecure Security Constraints in IBM WebSphere Dashboard Framework (WDF) Allow Unauthorized Access to Image Files Arbitrary Web Script Injection Vulnerability in IBM QuickFile Bypassing Read Restrictions in IBM WebSphere Portal Arbitrary Password Change Vulnerability in IBM Netezza Performance Portal 2.x Arbitrary Web Script Injection Vulnerability in IBM Cognos Business Intelligence Arbitrary Web Script Injection Vulnerability in IBM Sametime Classic Meeting Server Information Leakage in IBM WebSphere eXtreme Scale Client IBM WebSphere Portal Information Disclosure Vulnerability Information Disclosure Vulnerability in IBM System Storage Storwize V7000 Unified IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 XSS Vulnerability Bypassing Access Restrictions in IBM SPSS Modeler on UNIX via SSO Token (IBM X-Force ID: 89855) Information Disclosure Vulnerability in IBM Maximo Asset Management and related products Lack of Autocomplete Attribute in IBM Sametime Meeting Server Allows Unauthorized Access Arbitrary Web Script Injection Vulnerability in IBM Sametime Meeting Server Privilege Escalation via Stored Procedure Infrastructure in IBM DB2 Arbitrary Web Script Injection Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 Arbitrary Web Script Injection Vulnerability in IBM FileNet P8 Platform Documentation Installable Info Center Denial of Service Vulnerability in IBM GSKit 7.x and 8.x Buffer Overflow in IBM Lotus Quickr for Domino ActiveX Control Buffer Overflow in IBM Lotus Quickr for Domino ActiveX Control Memory Corruption Vulnerability in Linux Kernel's 
uio_mmap_physical Function OpenVAS Manager OMP Authentication Bypass Vulnerability Authentication Bypass Vulnerability in OpenVAS Administrator 1.2 and 1.3 Stack-based Buffer Overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 Untrusted Search Path Vulnerability in CyanogenMod/ClockWorkMod/Koush Superuser Package 1.0.2.1 Privilege Escalation Vulnerability in CyanogenMod/ClockWorkMod/Koush Superuser Package 1.0.2.1 for Android Privilege Escalation Vulnerability in CyanogenMod/ClockWorkMod/Koush Superuser Package Directory Traversal Vulnerability in Splunk Collect Script Clickjacking Vulnerability in Splunk before 5.0.4 Unquoted Service Path Vulnerability in Splunk 5.0.3 for Universal Forwarder Arbitrary .jar File Loading Vulnerability in Superuser Packages for Android 4.2.x and Earlier Privilege Escalation Vulnerability in Chainfire SuperSU Package for Android Arbitrary Script Injection in Yahoo! YUI Uploader Component Arbitrary File Read Vulnerability in Supermicro IPMI url_redirect.cgi Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51 SQL Injection Vulnerability in Chamilo LMS 1.9.6 and Earlier: Arbitrary SQL Command Execution Sequential Cookie Values in Bitrix e-Store Module: Brute Force Authentication Bypass Vulnerability Sensitive Information Disclosure in SilverStripe 3.0.3 MemberLoginForm Predictable Address Vulnerability in Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 APK Signature Security Bypass Vulnerability in Google Android prior to 4.4 Cross-Site Scripting (XSS) Vulnerabilities in Olat 7.8.0.1 Calendar Module Cross-site scripting (XSS) vulnerability in Olat Calendar module allows remote code injection via Location field Arbitrary Code Execution via Crafted Serialized .NET Object in Rackspace Openstack Windows Guest Agent SMTP Server Authentication Bypass via Empty Password in DeepOfix 3.3 and Earlier Blue Wrench Video Widget Plugin CSRF Vulnerability User Account Bypass Vulnerability in BlackBerry 
Link Memory Corruption Vulnerability in Apple Mac OS X 10.9 Denial of Service Vulnerability in MIT Kerberos 5 KDC Database Module Denial of Service Vulnerability in Microsoft Word 2003 SP2 and SP3 Remote Code Execution Vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Jamroom Search module before 1.1.1 Weak Encryption of Passwords in OpenText Exceed OnDemand (EoD) 8: A Gateway for Credential Discovery Vulnerability: Bidirectional Authentication Bypass in OpenText Exceed OnDemand (EoD) 8 OpenText Exceed OnDemand (EoD) 8 Vulnerability: Anonymous Cipher Bypass and Man-in-the-Middle Attack Arbitrary Web Script Injection in ZendTo Pickup.php Format String Vulnerability in Tftpd32 Client Allows Remote Code Execution Arbitrary Code Execution Vulnerability in Brocade Network Advisor CSRF Vulnerabilities in D-Link DSL-6740U Gateway (Rev. H1) Allow Remote Authentication Hijacking X.509 Certificate Verification Vulnerability in ONEDC App for iOS Arbitrary Redirection and Phishing Vulnerability in SAP NetWeaver J2EE Engine XML External Entity (XXE) Denial of Service Vulnerability in SAP NetWeaver 7.31 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in SAP NetWeaver's JavaDumpService and DataCollector Servlets SAProuter 7.30 Heap-Based Buffer Overflow Vulnerability Unspecified Remote Access Restriction Bypass in SAP NetWeaver Logviewer 6.30 on Windows Arbitrary Web Script Injection Vulnerability in SAP NetWeaver Performance Provider Arbitrary Code Execution via Unrestricted File Upload in SAP NetWeaver Development Infrastructure (NWDI) SAP NetWeaver Exportability Check Service Directory Traversal Vulnerability XML External Entity (XXE) Vulnerability in GRMGApp of SAP NetWeaver Remote Code Execution in GRMGApp in SAP NetWeaver Arbitrary Command Execution via Newline in Zabbix Flexible User Parameter Privilege Escalation Vulnerability in DCMTK 3.6.1 and Earlier Cross-Site Request Forgery (CSRF) Vulnerability in Fortinet FortiAnalyzer Absolute Path 
Traversal Vulnerability in PineApp Mail-SeCure's admin/viewmsg.php Authentication Bypass and Unauthorized Sys_Usermng Operation in PineApp Mail-SeCure Arbitrary Command Execution in PineApp Mail-SeCure via pinghost Parameter Arbitrary Command Execution in PineApp Mail-SeCure 3.70 and Earlier Privilege Escalation Vulnerability in PineApp Mail-SeCure 3.70 and Earlier Uninitialized Data Structure Vulnerability in FreeBSD Kernel's NAND Driver Kernel Memory Disclosure Vulnerability in FreeBSD 10 and Earlier Kernel Memory Disclosure Vulnerability in FreeBSD 10 and Earlier Unauthenticated Information Disclosure in TelephonyUI Framework Heap-based Buffer Overflow in Gnumeric's ms_escher_get_data Function Arbitrary Code Injection through setTimeout Function in prettyPhoto 3.1.4 and Earlier Shared SSH Private Key Vulnerability in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 Arbitrary SQL Command Execution in InstantSoft InstantCMS 1.10.3 and Earlier Privilege Escalation Vulnerability in Siemens COMOS CSRF Vulnerability in HP 2620 Switches Allows Remote Password Hijacking Arbitrary Script Injection Vulnerability in Y! 
Toolbar Plugin for FireFox Cross-Site Scripting (XSS) Vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and Earlier Improper Authorization in SAP Sybase Adaptive Server Enterprise (ASE) Unspecified Information Disclosure Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Unspecified Information Disclosure Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Unspecified Denial of Service Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Privilege Escalation Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Directory Traversal Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Arbitrary Code Execution Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.x Arbitrary Code Execution Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Unspecified Denial of Service Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 Unspecified Information Disclosure Vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) Arbitrary SQL Command Execution Vulnerability in SAP NetWeaver 7.30 Arbitrary Web Script Injection in Splunk Web SQL Injection Vulnerability in Collabtive 1.2's managetimetracker.php SQL Injection Vulnerability in Testa OTMS 2.0.0.2: Remote Code Execution via test_id Parameter Remote Code Execution Vulnerability in Vortex Light Alloy before 4.7.4 via Long URL in .m3u File SQL Injection Vulnerability in Nagios Core Config Manager in Nagios XI Privilege Escalation Vulnerability in s3dvt 0.2.2 and Earlier Heap-based Buffer Overflow in RealPlayer Arbitrary Web Script Injection in Mijosoft MijoSearch Component for Joomla! Information Disclosure Vulnerability in Mijosoft MijoSearch Component for Joomla! 
Open Redirect and Cross-Site Scripting (XSS) Vulnerability in FlashCanvas Proxy.php Arbitrary Command Execution in CRU Ditto Forensic FieldStation Cross-Site Scripting (XSS) Vulnerabilities in CRU Ditto Forensic FieldStation Firmware 2013Oct15a and Earlier CSRF Vulnerability in CRU Ditto Forensic FieldStation Allows Unauthorized Disk Erase Technique Modification Default ditto Username and Password Vulnerability in CRU Ditto Forensic FieldStation AMD Processor Microcode Vulnerability: Errata 793 - Denial of Service via Locked Instructions and Write-Combined Memory Types Privilege Escalation Vulnerability in RealVNC VNC 5.0.6 OpenJPEG 1.5.1 Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in Uscan in Devscripts Privilege Escalation Vulnerability in GNU Rush 1.7 via --lint Option DenyHosts 2.6 Remote Denial of Service Vulnerability Local Privilege Escalation Vulnerability in CUPS before 1.7.1 Arbitrary File Read Vulnerability in WebSVN 2.3.3 Arbitrary Web Script Injection Vulnerability in Cybozu Garoon System-Administration Component Arbitrary Web Script Injection Vulnerability in Cybozu Garoon Arbitrary Web Script Injection Vulnerability in Cybozu Garoon Space Function Arbitrary Web Script Injection in Cybozu Garoon Schedule Component Arbitrary Script Injection in Cybozu Garoon Note Component Arbitrary Web Script Injection in Cybozu Garoon Phone Component Arbitrary Web Script Injection in Cybozu Garoon Mail Component Arbitrary Web Script Injection Vulnerability in Cybozu Garoon Mail Component Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cybozu Garoon 3.x before 3.7.0 Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cybozu Garoon Report Component Unspecified Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon before 3.7.0 Arbitrary Web Script Injection in Cybozu Garoon Bulletin-Board Component Cross-site scripting (XSS) vulnerability in Cybozu Garoon calendar component Cross-Site Scripting (XSS) Vulnerability 
in Cybozu Garoon Search Component Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cybozu Garoon Calendar Component Arbitrary Code Injection through Cross-Site Scripting (XSS) in Cybozu Garoon Arbitrary Script Injection Vulnerability in Cybozu Garoon Unauthenticated Remote Access Vulnerability in Satechi Travel Router 1.5 Server-Side Request Forgery (SSRF) vulnerability in phpThumb before 1.7.12 Siemens SINAMICS S/G Controllers Firmware Authentication Bypass Multiple CSRF Vulnerabilities in Seagate BlackArmor NAS 220 Devices with Firmware sg2000-2000.1331 Cross-Site Scripting (XSS) Vulnerabilities in Seagate BlackArmor NAS 220 Devices with Firmware sg2000-2000.1331 Arbitrary Command Execution in Seagate BlackArmor NAS Devices Session Hijacking Vulnerability in Siemens RuggedCom ROS before 3.12.2 Bypassing Administrative Restrictions in Siemens RuggedCom ROS Local User Account Creation Vulnerability in Internet TRiLOGI Server Cybozu Garoon 3.7 SP2 SQL Injection Vulnerability SQL Injection Vulnerability in Cybozu Garoon Page-Navigation Implementation SQL Injection Vulnerability in Cybozu Garoon API (CVE-2013-6930) Buffer Overflow in IrfanView Allows Remote Code Execution via Crafted File RTSP Message Parsing Integer Underflow and Buffer Overflow Vulnerability Buffer Overflow and Denial of Service Vulnerability in Live555 Streaming Media Buffer Overflow in VideoCharge Software Watermark Master 2.2.23: Remote Code Execution via SourcePath Value in .wcf File SQL Injection Vulnerabilities in Ajaxfs.php Plugin 2.0 for MyBB Buffer Overflow in VideoCharge Software Watermark Master 2.2.23: Remote Code Execution via .wstyle File Unspecified Denial of Service Vulnerability in Citrix NetScaler SDX and ADC Unspecified Denial of Service Vulnerability in Citrix NetScaler ADC User Credential Logging Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) Shell breakout vulnerability in Citrix NetScaler Application Delivery Controller (ADC) versions 
9.3.x, 10.0, and 10.1 Citrix NetScaler ADC CSRF Vulnerability LDAP Injection Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) Arbitrary Web Script Injection Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) Authentication and Authorization Bypass in OSEHRA VistA M2M Broker Belkin WeMo Home Automation Firmware XXE Vulnerability Remote Hijacking Vulnerability in Belkin WeMo Home Automation Firmware Insecure Firmware Distribution in Belkin WeMo Home Automation Devices Belkin WeMo Home Automation Firmware Vulnerability: SSL Server Spoofing via Arbitrary X.509 Certificate Hardcoded GPG Key in Belkin WeMo Home Automation Firmware Allows Remote Code Execution Information Disclosure: Username and Password Hash Retrieval in BlogEngine.NET 2.8.0.0 and Earlier NULL Pointer Dereference and Application Crash in libpng's png_do_expand_palette Function Arbitrary Code Execution via SLICEUPLOAD X-TMP-FILE Pathname in Synology DiskStation Manager (DSM) Arbitrary Web Script Injection in Juniper Junos Pulse Secure Access Service Juniper IDP Web Administrative Component XSS Vulnerability Denial of Service Vulnerability in Juniper NetScreen Firewall Open Redirect Vulnerability in Cisco WebEx Sales Center Cisco WebEx Meeting Center Multiple Cross-Site Scripting (XSS) Vulnerabilities (Bug ID CSCul36248) Cisco WebEx Meeting Center CPAC XSS Vulnerability (Bug ID CSCul36237) Cisco WebEx Meeting Center Mobile-Browser Subsystem XSS Vulnerability Cisco WebEx Training Center Registration Component Cross-Site Scripting (XSS) Vulnerability Bypassing Access Control and Content Injection Vulnerability in Cisco WebEx Meeting Center (CSCul36197) WebEx Training Center Registration Component URL Bypass Vulnerability Open Redirect Vulnerability in Cisco WebEx Training Center Open Redirect Vulnerability in Cisco WebEx Sales Center: Conducting Phishing Attacks via Mobile-Browser Subsystem (Bug ID CSCul36020) Cisco WebEx Training Center Email Address Enumeration 
Vulnerability Remote attackers can modify fields in Cisco WebEx Training Center's training-registration page (Bug ID CSCul35990) Sensitive Information Disclosure in Cisco WebEx Meeting Center Open Redirect Vulnerability in Cisco WebEx Training Center Session Number Disclosure and Audio-Conference Attendance Bypass in Cisco WebEx Training Center (Bug ID CSCul57126) Remote Registration ID Discovery Vulnerability in Cisco WebEx Training Center (Bug ID CSCul57121) Cisco Secure Access Control System (ACS) Cross-Site Scripting (XSS) Vulnerability Cisco NX-OS Directory Traversal Vulnerability (Bug ID CSCul05217) CSRF Vulnerability in Cisco EPC3925 Devices: Password Hijacking via goform/Quick_setup (Bug ID CSCuh37496) Information Disclosure Vulnerability in Cisco Unified Communications Manager (UCM) DRS Component (Bug ID CSCuj39249) VTY Authentication Bypass Vulnerability in Cisco IOS XE Denial of Service Vulnerability in Cisco IOS XE 3.7S(.1) and Earlier (Bug ID CSCul00709) Denial of Service Vulnerability in Cisco NX-OS BGP Implementation (CSCuj03174) SQL Injection Vulnerability in Cisco Unified Presence Server Web Interface (Bug ID CSCuh35615) SQL Injection Vulnerability in Enorth Webpublisher CMS (possibly 5.0 and earlier) via log_searchday.jsp Cleartext Storage Vulnerability in ZippyYum Subway CA Kiosk App 3.4 for iOS Multiple directory traversal vulnerabilities in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 Command Line Privilege Escalation in FortiGuard FortiAuthenticator before 3.0 Arbitrary Script Injection Vulnerability in WP-Cron Dashboard Plugin for WordPress CSRF Vulnerability in AskApache Firefox Adsense Plugin for WordPress Arbitrary Script Injection Vulnerability in Ad-minister Plugin for WordPress Cleartext Transmission of Session ID in OpenText Exceed OnDemand (EoD) 8 Cross-Site Scripting (XSS) Vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and Earlier NULL Pointer Dereference Vulnerability in IsHandleEntrySecure Function Denial of 
Service Vulnerability in NowSMS Now SMS & MMS Gateway 2013.09.26 Denial of Service Vulnerability in NowSMS Now SMS & MMS Gateway Arbitrary Web Script Injection Vulnerability in LiveZilla Mobile/PHP Translation Multiple Cross-Site Scripting (XSS) Vulnerabilities in LiveZilla before 5.1.2.0 Hardcoded Username Vulnerability in D-Link DSR Series Routers Cleartext Password Storage Vulnerability in D-Link DSR Series Routers Denial of Service Vulnerability in FFmpeg's decode_slice_header Function Out-of-bounds array access vulnerability in FFmpeg's rpza_decode_stream function Integer Signedness Errors in FFmpeg's libavcodec/dsputil.c FFmpeg FFV1dec.c Remote Code Execution Vulnerability Out-of-bounds array access vulnerability in FFmpeg's JPEG2000 decoder Arithmetic Operation Vulnerability in g2m_init_buffers Function in FFmpeg Integer Signedness Error in FFmpeg's PNG Decoder Out-of-bounds Array Access Vulnerability in FFmpeg's flashsv_decode_frame Function Out-of-bounds array access vulnerability in FFmpeg's JPEG2000 decoder JPEG2000 Data Processing Vulnerability in FFmpeg Out-of-bounds Array Access Vulnerability in libavcodec/jpeg2000dec.c Out-of-bounds Array Access Vulnerability in FFmpeg's get_cox Function Out-of-bounds array access vulnerability in FFmpeg's read_header function in libavcodec/ffv1dec.c Double Free Vulnerability in FFmpeg's vf_fps.c Memory Allocation Vulnerability in FFmpeg's g2m_init_buffers Function Memory-allocation error vulnerability in FFmpeg's ff_combine_frame function Out-of-bounds array access vulnerability in FFmpeg's jpeg2000_decode_tile function Cross-Site Scripting (XSS) Vulnerabilities in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 Race conditions in ipc/shm.c in Linux Kernel: Denial of Service and System Crash Vulnerability Denial of Service Vulnerability in Linux Kernel's ieee80211_radiotap_iterator_init Function Cleartext UseUserCredential Disclosure in Cisco Unified 
Communications Manager TFTP Service Cross-Site Scripting (XSS) Vulnerabilities in LiveZilla Web Based Operator Client Plaintext Password Exposure in LiveZilla before 5.1.2.1 via XSS Arbitrary PHP Code Execution via Serialized Object in LiveZilla Cookie Out-of-Bounds Read Vulnerability in MHD_http_unescape Function Stack-based Buffer Overflow in libmicrohttpd Allows Remote Code Execution Incomplete Fix for Hash Collision Vulnerability in Python 2.7 before 3.4 Case-insensitive password hashing vulnerability in pam_userdb module World-readable permissions for secret keys in SUSE Lifecycle Management Server (SLMS) before 1.3.7 vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Cisco Scientific Atlanta DPR2320R2 Routers World-writable and world-readable permissions in OpenStack Compute (Nova) allow unauthorized access to live snapshots Stack-based Buffer Overflow in Fish Plugin for ZNC Allows Remote DoS Arbitrary Command Execution via Shell Metacharacters in Directory Name Authentication Bypass Vulnerability in D-Link DIR-100 4.03B07 cli.cgi Security Bypass Vulnerability in D-Link DIR-100 4.03B07: Exploiting Error in cliget.cgi Script D-Link DIR-100 4.03B07: Cross-Site Request Forgery (CSRF) in cli.cgi D-Link DIR-100 4.03B07: Cross-Site Scripting (XSS) in cli.cgi Critical Information Disclosure Vulnerability in D-Link DIR-100 4.03B07: PPTP and PoE CSRF Vulnerability in Axway SecureTransport 5.1 SP2 and Earlier Allows Arbitrary File Upload Information Disclosure Vulnerability in FactoryTool.py Unspecified Search API Vulnerability in Plone 3.3 through 4.3.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zope Insufficient Permission Checks in Invitation Module for Drupal Arbitrary Script Injection in EU Cookie Compliance Module for Drupal Arbitrary Group Posting Vulnerability in Drupal Organic Groups Module Entity Reference Module Vulnerability: Unauthorized Access to Private Node Titles Access Bypass Vulnerability in OG Features Module for 
Drupal Bypassing Group Restrictions in Organic Groups Module for Drupal Arbitrary Code Execution in ack 2.00 through 2.11_02 via .ackrc File Options Arbitrary Command Execution in Monitorix HTTPServer Arbitrary Web Script Injection in Monitorix 3.4.0 and Earlier Arbitrary Table Column Read Vulnerability in TYPO3 Content Editing Wizards Component Cross-Site Scripting (XSS) Vulnerabilities in TYPO3 Content Editing Wizards Arbitrary PHP Object Unserialization and File Deletion Vulnerability in TYPO3 Content Editing Wizards Component Arbitrary Web Script Injection in TYPO3 Extension Manager Arbitrary Web Script Injection in TYPO3 Backend User Administration Module Arbitrary web script injection vulnerability in TYPO3 Extbase Framework Open Redirect Vulnerability in TYPO3 OpenID Extension Mass Assignment Vulnerability in TYPO3 Extension Table Administration Library Arbitrary HMAC Signature Generation Vulnerability in TYPO3 Form Content Element Arbitrary web script injection vulnerability in TYPO3 Flow (formerly FLOW3) 1.1.x and 2.0.x Arbitrary File Deletion Vulnerability in Uscan (devscripts 2.13.5) with USCAN_EXCLUSION Enabled Arbitrary Command Execution via Shell Metacharacters in Webbynode Gem's Notify Function Heap Memory Corruption Vulnerability in ClamAV before 0.97.7 Buffer Overflow Vulnerability in ClamAV libclamav Component Information Leak Vulnerability in ClamAV before 0.97.7: dbg_printhex Directory Traversal Vulnerability in Zimbra 7.2.2 and 8.0.2 SQL Injection Vulnerabilities in McAfee Email Gateway 7.6: Remote Code Execution via /admin/cgi-bin/rpc/doReport/18 SAProuter 39.3 SP4 Authentication Bypass and Configuration Modification Vulnerability SQL Injection Vulnerability in RSDDCVER_COUNT_TAB_COLS Function in SAP NetWeaver 7.30 XML External Entity (XXE) Vulnerability in SAP CRM 7.02 EHP 2 SQL Injection Vulnerabilities in SAP EMR Unwired Arbitrary File Read Vulnerability in 7 Media Web Solutions eduTrac Heap Overflow Vulnerability in OpenConnect VPN Client 
with GnuTLS Buffer Overflow Vulnerability in Asterisk Open Source 1.8.x, 10.x, and 11.x Unrestricted File Upload Vulnerabilities in OptimizePress Theme for WordPress Arbitrary Command Execution in McAfee Email Gateway 7.6 Arbitrary Command Execution in McAfee Email Gateway 7.6 Unspecified Buffer Overflow Vulnerability in Fujitsu Interstage HTTP Server Multiple Stack-Based Buffer Overflows in Icinga CGI Components CSRF Vulnerability in Icinga cmd.cgi Allows Authentication Hijacking Multiple off-by-one errors in Nagios Core and Icinga allow remote authenticated users to obtain sensitive information or cause denial of service Insecure X.509 Certificate Validation in Transifex Command-Line Client Sensitive Information Disclosure in BaseSpace Ruby SDK Denial of Service Vulnerability in Wireshark SIP Dissector Global Variable Reliance Vulnerability in Wireshark BSSGP Dissector Buffer Overflow Vulnerabilities in Wireshark NTLMSSP v2 Dissector Cleartext Credential Storage Vulnerability in Apple Safari 6.0.5 Cleartext Credential Storage Vulnerability in Valve Bug Reporter Cross-Site Scripting (XSS) Vulnerability in ThemeBeans Blooog WordPress Theme OpenStack Compute (Nova) Vulnerability: Unauthorized Access to Snapshot Root Disk Contents via Ephemeral Storage Insecure Secret Key Usage in Juvia Cookie Configuration World-writable permissions in Proc::Daemon module for Perl allow unauthorized modification of process ID file Insufficient WPA-PSK Passphrases in UPC Ireland Cisco EPC 2425 Router (Horizon Box) Vulnerability Authentication Bypass Vulnerability in Burden Login Functionality Directory Traversal Vulnerability in Horizon QCMS 4.0 and Earlier SQL Injection Vulnerability in Horizon QCMS 4.0 and Earlier: Remote Code Execution via download.php XML External Entity (XXE) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier Arbitrary Web Script Injection Vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and Earlier Arbitrary Web Script Injection Vulnerability in 
Open-Xchange (OX) AppSuite 7.4.1 and Earlier Arbitrary Web Script Injection via Mail Filter Rule Title in Open-Xchange (OX) AppSuite 7.4.1 Unverified X.509 Certificates Vulnerability in LINE 3.2.1.83 and Earlier Arbitrary SQL Command Execution in Revive Adserver and OpenX Source World-writable permissions on /tmp directory in Slackware versions 14.0 and 14.1 and Slackware LLVM versions 3.0-i486-2 and 3.3-i486-2, leading to remote code execution with root privileges. World-writable permissions on iodbctest and iodbctestw programs in libiodbc package in Slackware 13.1, 13.37, 14.0, and 14.1 Critical Buffer Overflow Vulnerability Found in Belkin N750 Routers Absolute Path Traversal Vulnerability in QNAP QTS before 4.1.0 SQL Injection Vulnerabilities in Avanset Visual CertExam Manager 3.3 and Earlier: Remote Code Execution via User Input Fields Arbitrary IP Blocking Vulnerability in Fail2ban's Postfix Filter Arbitrary IP Blocking Vulnerability in Fail2ban's Cyrus-IMAP Filter Arbitrary Command Execution Vulnerability in Seowon Intech SWC-9100 Routers Insecure Password Recovery in Cobham Satellite Communication Devices Arbitrary Web Script Injection Vulnerability in Fortinet FortiOS 5.0.3 Arbitrary Web Script Injection in Fortinet FortiOS 5.0.5 Firewall Schedule Recurrdlg Remote Reboot and Configuration Reset Vulnerability in Seowon Intech SWC-9100 Routers Denial of Service Vulnerability in Gretech GOM Media Player 2.2.56.5158 and Earlier Memory Corruption Vulnerability in PotPlayer 1.5.40688 with .avi Files Remote Code Execution Vulnerability in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) via Long String in .m3u File SQL Injection Vulnerability in FormCraft Plugin 1.3.7 and Earlier for WordPress Arbitrary Web Script Injection in KBKP Software HostBill Multiple SQL Injection Vulnerabilities in iScripts AutoHoster Multiple Directory Traversal Vulnerabilities in iScripts AutoHoster Tenmiles Helpdesk Pilot XSS Vulnerability SQL Injection Vulnerabilities in Dynamic Biz Website 
Builder (QuickWeb) Multiple SQL Injection Vulnerabilities in C2C Forward Auction Creator 2.0 Cross-Site Scripting (XSS) Vulnerabilities in eFront 3.6.14 (build 18012) Bypassing Only Me Restrictions and Unauthorized Like in PHPFox 3.7.3 and 3.7.4 Bypassing Only Me Restrictions in PHPFox 3.7.3-3.7.5 SSL Ignorance Vulnerability in PayPal Android App Allows Man-in-the-Middle Attacks Remote Code Execution Vulnerability in PayPal Android App Arbitrary File Read Vulnerability in Gitolite Setup CSRF Vulnerability in Conceptronic CIPCAMPTIWL Camera 1.0 Allows Unauthorized User Addition Heap-based buffer over-read vulnerability in Nagios Core 3.5.1, 4.0.2, and earlier CSRF Vulnerability in JForum Admin Module Allows Unauthorized User Group Permission Changes SQL Injection Vulnerabilities in Classifieds Creator 2.0 Critical Unspecified Vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5 SQL Injection Vulnerability in 2Glux Sexy Polling Component for Joomla! Arbitrary Command Execution via Unattended Workstation in GNOME Shell Unattended Workstation Command Execution Vulnerability in GNOME Shell Fixed Secret Token Vulnerability in Fat Free CRM Cross-Site Request Forgery (CSRF) Vulnerabilities in Fat Free CRM before 0.12.1 Unrestricted JSON Serialization in Fat Free CRM before 0.12.1 SQL Injection Vulnerabilities in Fat Free CRM Integer Overflow in gdImageCrop Function in PHP 5.5.x before 5.5.9 Cross-Site Scripting (XSS) Vulnerability in ESRI ArcGIS for Server 10.1 and 10.2 Mobile Content Server SQL Injection Vulnerability in ESRI ArcGIS for Server through 10.2 CSRF Vulnerability in WordPress Retrospam Component Clickjacking Vulnerability in Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 User Impersonation Vulnerability in Simple Machines Forum (SMF) User Impersonation Vulnerability in Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier Authentication Bypass Vulnerability in memcached before 1.4.17 Arbitrary File Read 
Vulnerability in Advanced Dewplayer Plugin for WordPress Arbitrary Web Script Injection in Zenphoto Export Function Arbitrary SQL Command Execution in Zenphoto WordPress Import Plugin Cross-Site Scripting (XSS) Vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 Access Restriction Bypass Vulnerability in SAP Sybase ASE 15.7 DaumGame ActiveX Plugin Buffer Overflow Vulnerability Information Disclosure Vulnerability in Franklin Fueling Systems TS-550 evo Firmware Hardcoded Password Vulnerability in Franklin Fueling Systems TS-550 Evo Firmware XML Serialization Vulnerability in Fat Free CRM before 0.12.1 JsonBuilder Cross-Site Scripting (XSS) Vulnerability in ProjectForge Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in ProjectForge before 5.3 Insecure Encryption Mode in KWallet Opsview before 4.4.2 Cross-Site Scripting (XSS) Vulnerability Opsview before 4.4.2 Open Redirect Vulnerability CSRF Vulnerability in Opsview before 4.4.2 Allows Remote Authentication Hijacking Codiad 2.0.7 Project Name Field Cross-Site Scripting (XSS) Vulnerability Arbitrary Script Injection in web2ldap 1.1.x before 1.1.49 Cross-Site Request Forgery (CSRF) Vulnerabilities in Neo4J 1.9.2 Stack-based buffer overflows in RealPlayer XML Parsing SQL Injection Vulnerability in msPostGISLayerSetTimeFilter Function in MapServer Kernel Stack Memory Disclosure Vulnerability Kernel Stack Memory Disclosure Vulnerability Kernel Stack Memory Disclosure Vulnerability Kernel Memory Information Disclosure Vulnerability Kernel Memory Information Disclosure Vulnerability Kernel Memory Disclosure Vulnerability in Linux Kernel Kernel Memory Information Disclosure Vulnerability Kernel Memory Disclosure via Uninitialized Data Structure in packet_recvmsg Function Kernel Memory Disclosure Vulnerability in Linux x25_recvmsg Function Denial of Service Vulnerability in GNOME Display Manager (gdm) 3.4.1 and Earlier Arbitrary Web Script Injection via Wallpaper Title Field in Wallpaper Script 3.5.0082 Arbitrary Web 
Script Injection in MyBB (MyBulletinBoard) misc.php Arbitrary Script Injection in Recommend to a Friend Plugin for WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 SQL Injection Vulnerability in Naxtech CMS Afroditi 1.0 Arbitrary Web Script Injection in S3 Video Plugin for WordPress HansoTools Hanso Player Buffer Overflow Vulnerability Kernel Stack Memory Disclosure Vulnerability Authentication Bypass Vulnerability in Nisuta NS-WIR150NE and NS-WIR300N Routers Race condition vulnerability in libreswan.spec files for RHEL and Fedora packages in libreswan 3.6 Remote Code Execution Vulnerability in PlRPC Perl Module Arbitrary Shell Command Execution Vulnerability in Xstream API Weak Password Obfuscation Algorithm in MobileIron VSP and Sentry Insecure Encryption Scheme in MobileIron VSP and Sentry Arbitrary Script Injection via Yahoo Video URLs in MyBB (MyBulletinBoard) 1.6.12 and earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) Register.php Denial of Service Vulnerability in memcached 1.4.4 and Earlier Versions Denial of Service Vulnerability in Verbose Mode of memcached (CVE-2013-7291) Bypassing Active Directory Authentication in VASCO IDENTIKEY Authentication Server Misleading Configuration Process Allows Remote Hijacking of ASUS WL-330NUL Router Denial of Service Vulnerability in libreswan's ikev2parent_inI1outR1 Function Insecure Random Number Generation in Tor with OpenSSL 1.x and HardwareAccel on Intel Sandy Bridge and Ivy Bridge Platforms Denial of Service Vulnerability in JBIG2Stream::readSegments Method in Poppler Denial of Service Vulnerability in query_params.cpp in cxxtools Header Injection Vulnerability in Tntnet before 2.2.1 Cantata Absolute Path Traversal Vulnerability Unrestricted File Access in Cantata before 1.2.2 Session Fixation Vulnerability in Ubercart Module for Drupal Cross-Site Scripting (XSS) Vulnerabilities in SPIP before 2.1.25 and 
3.0.x before 3.0.13 X.509 Certificate Validation Bypass in Check Point Endpoint Security MI Server User Ban Field Bypass Vulnerability in e107 through 1.0.4 Brocade Router OSPF Implementation Duplicate Link State ID Vulnerability Vulnerability: Duplicate Link State ID Values in OSPF Implementation on Brocade Vyatta vRouter OSPF Implementation on D-Link DES-3810-28 Switch Denial of Service Vulnerability Vulnerability: Duplicate Link State ID Values in Extreme Networks EXOS OSPF Implementation Yamaha Router OSPF Implementation Duplicate Link State ID Vulnerability OSPF Implementation in Check Point Gaia and IPSO OS Allows for Duplicate Link State ID Values in LSA Packets Vulnerability: OSPF Implementation on Enterasys Switches and Routers Allows for Duplicate Link State ID Values in LSA Packets Vulnerability: Duplicate Link State ID Values in OSPF Implementation Vulnerability: Duplicate Link State ID Values in OSPF Implementation on NEC Routers XML External Entity (XXE) vulnerability in Spring MVC in Spring Framework GitLab 6.0 XSS Vulnerability CS-Cart 4.1.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities AlgoSec Firewall Analyzer 6.4 BusinessFlow/login Cross-Site Scripting (XSS) Vulnerability Arbitrary Script Injection in Download Manager WordPress Plugin CSRF Vulnerability in D-Link DAP-2253 Access Point (Rev. A1) Firmware Arbitrary Web Script Injection Vulnerability in D-Link DAP-2253 Access Point (Rev. 
A1) Replay Attack Vulnerability in liboath Arbitrary Command Execution in python-gnupg before 0.3.5 Remote Code Execution via High Volume Audio/Video in Webkit-GTK 2.x Arbitrary Code Execution Vulnerability in devscripts' uscan Arbitrary Code Injection in vTiger CRM 5.4.0 PHP 5.5.x gdImageCrop Function Null Pointer Dereference Vulnerability Integer Signedness Errors in gdImageCrop Function in PHP 5.5.x before 5.5.9 Information Disclosure Vulnerability in CGI::Application Module Remote Configuration Vulnerability in Jenkins 1.502 Information Disclosure Vulnerability in Microsoft.XMLDOM ActiveX Control Denial of Service Vulnerability in Microsoft.XMLDOM ActiveX Control Selective Switch Disconnection Vulnerability in Open Floodlight SDN Controller Software CSRF Vulnerability in ImageCMS 4.2 Allows SQL Injection Attacks (CVE-2012-6290) Open Redirect Vulnerability in DotNetNuke (DNN) Versions 6.2.9 and below, and 7.x Versions before 7.1.1 NULL pointer dereference and libvirtd crash vulnerability in qemuMigrationWaitForSpice function Denial of Service Vulnerability in Python Zip File Processing NULL pointer dereference vulnerability in rds_ib_laddr_check function in Linux kernel before 3.12.8 Denial of Service Vulnerability in VideoLAN VLC Media Player Cross-Site Scripting (XSS) Vulnerabilities in Flowplayer Flash before 3.2.17 Arbitrary Script Injection in Flowplayer HTML5 5.4.1 via XSS Vulnerability in flowplayer.swf Incomplete fix for Cross-site scripting (XSS) vulnerability in Flowplayer HTML5 5.4.3 Arbitrary PHP Code Execution Vulnerability in ownCloud Denial of Service Vulnerability in awk Script Detector CSRF Vulnerability in Symphony CMS 2.3.2 and Earlier Allows SQL Injection Attacks Improper User Session Timeout Enforcement in Luci in Red Hat Conga Double Free Vulnerability in Linux Kernel's ioctx_alloc Function Multiple SQL Injection Vulnerabilities in Gnew 2013.1 Unspecified Vulnerabilities in Check Point Security Gateway and Appliances Multiple Cross-Site 
Scripting (XSS) Vulnerabilities in Shaarli index.php CSRF Vulnerability in b2evolution Blogs/Admin.php Allows SQL Injection (CVE-2013-2945) Integer Overflow in png_set_unknown_chunks Function in libpng Heap-based buffer overflow in libpng before 1.5.14rc03 via crafted image SQL Injection Vulnerability in SAP BI Universal Data Integration Unspecified vulnerability in SAP CCMS / Database Monitors for Oracle allows password retrieval via unknown vectors Unspecified Remote Credential Information Disclosure Vulnerability in SAP J2EE Engine Configuration Service SAP Guided Procedures Archive Monitor Unspecified Remote Identity Information Disclosure Vulnerability Unspecified Vulnerability in SAP Mobile Infrastructure Allows Remote Port Scanning SAP AdminAdapter Unspecified Remote File Access Vulnerability Arbitrary File Upload Vulnerability in SAP CMS and CM Services Remote Code Execution Vulnerability in SAP CCMS Agent Unspecified Remote Code Execution Vulnerability in SAP Solution Manager's Diagnostics (SMD) Agent Unrestricted File Access Vulnerability in SAP NetWeaver J2EE Engine Arbitrary Web Script Injection Vulnerability in SAP Enterprise Portal SAP Software Deployment Manager (SDM) Denial of Service Vulnerability Unrestricted Access to Federation Configuration Pages in SAP Enterprise Portal Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gnew 2013.1 Unspecified SQL Injection Vulnerability in F-Secure Anti-Virus and Server Security XSS Vulnerability in Sencha Labs Connect Middleware in node-connect before 2.8.1 Incomplete Fix for Cross-Site Scripting Vulnerability in Sencha Labs Connect Middleware in Node-Connects before 2.8.2 Insecure PRNG Implementation in Apache Harmony: Exploiting Predictability in Bitcoin Wallet Applications Insecure OpenSSL PRNG Seeding in Android Versions Prior to 4.4 Bypassing Greeter Screen Restrictions via Ubuntu Date and Time Indicator SQL Injection Vulnerability in PHP-Fusion 7.02.01 through 7.02.05 via User Cookie Cross-Site 
Request Forgery (CSRF) Vulnerabilities in OpenX 2.8.10 Arbitrary Command Execution Vulnerability in codem-transcode Node.js Module Arbitrary Command Execution in Hubot Scripts Module Authentication Bypass Vulnerability in Tomato Module for Node.js Remote Command Injection Vulnerability in Etherpad Lite's ep_imageconvert Plugin Arbitrary Command Execution Vulnerability in libnotify for Node.js Hardcoded Password Vulnerability in VICIDIAL Dialer Privilege Escalation in x2gocleansessions in X2Go Server Denial of Service Vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 Insecure Password Storage and XSS Vulnerability in LiveZilla 5.1.2.1 and Earlier Format String Vulnerability in BOINC's PROJECT::write_account_file Function Session Fixation Vulnerability in DataLife Engine (DLE) 9.7 and Earlier: Remote Session Hijacking via PHPSESSID Cookie Heap-based Buffer Overflow in paintlib Allows Remote Code Execution in Trimble SketchUp Multiple Cross-Site Scripting (XSS) Vulnerabilities in D-Link DIR-645 Router (Rev. 
A1) Firmware Arbitrary Code Execution via Unrestricted File Upload in ManageEngine DesktopCentral Entity API Module Remote Entity Access Vulnerability Arbitrary Command Execution Vulnerability in Gitlist Privilege Escalation via Symlink Attack in Subversion 1.8.0 before 1.8.2 Arbitrary Command Execution in Splunk runshellscript echo.sh Script Default Supervisor and Service Password Vulnerability in ZOLL Defibrillator / Monitor X Series X.509 Certificate Verification Bypass in Async Http Client X.509 Certificate Spoofing Vulnerability in Async Http Client Improper Authentication Checking in TYPO3 Direct Mail Extension (CVE-2021-12345) Denial of Service Vulnerability in c-icap 0.2.x via parse_request Function Denial of Service Vulnerabilities in c-icap 0.2.x via Crafted ICAP Requests Unsecured Default Password Vulnerability in GE Healthcare Discovery NM 750b Unspecified Impact and Attack Vectors in GE Healthcare Centricity DMS 4.2 Ad Hoc Reporting Feature SQL Injection Vulnerability in MRBS Module for Drupal CSRF Vulnerability in MRBS Module for Drupal Allows Remote Authentication Hijacking Predictable Session Cookie Vulnerability in F5 BIG-IP Analytics 11.x before 11.4.0 Buffer Overflow Vulnerability in ALLPlayer 5.6.2 through 5.8.1 via Long String in .m3u File Arbitrary Command Execution via URL in Canto Curses XSS Vulnerability in IPCop Firewall Allows Remote Code Injection Arbitrary Code Execution in IPCop Firewall via iptablesgui.cgi Arbitrary Web Script Injection in Joomlaskin JS Multi Hotel Plugin 2.2.1 for WordPress Remote Code Execution Vulnerability in Hancom Office 2010 SE via Buffer Overflow in TEXTART XML Element Arbitrary Kernel Module Loading Vulnerability in Linux Crypto API Integer Underflow Vulnerability in Perl's regcomp.c File Descriptor Reuse Vulnerability in GNU C Library's send_dg Function Denial of Service and Arbitrary Code Execution Vulnerability in glibc's getaddrinfo Function Insecure Temporary File Vulnerability in Kamailio 4.0.1 Denial 
of Service Vulnerability in Googlemaps Plugin for Joomla! XML Injection Vulnerability in Googlemaps Plugin for Joomla! Arbitrary Script Injection in Googlemaps Plugin for Joomla! Full Path Disclosure Vulnerability in Googlemaps Plugin for Joomla! Bypassing Protection Mechanism in Googlemaps Plugin for Joomla! Googlemaps Plugin for Joomla! 3.1 XSS Vulnerability Sensitive Settings History Information Disclosure in Evergreen Insecure Cookie Transmission in noVNC before 0.5 Integer overflows in potrace 1.11 leading to buffer overflow via large dimensions in BMP image Buffer Overflow Vulnerabilities in pbm212030 Buffer overflow vulnerability in X11R6.x and libX11 before 1.6.0 allows remote attackers to execute arbitrary code via crafted request Wildcard Handling Vulnerability in ssl.match_hostname Function Denial of Service Vulnerability in Network Block Device (NBD-Server) 2.9.22 through 3.3 Default and Hardcoded Password Vulnerability in GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 Buffer Overflow in SQLite 3.8.2 Skip-Scan Optimization Vulnerability Information Disclosure Vulnerability in MediaWiki Special:Contributions Page Denial of Service Vulnerability in Linux Kernel's Direct Rendering Manager (DRM) Subsystem Linux Kernel AF_UNIX Use-After-Free Vulnerability Integer Overflow in gdk_cairo_set_source_pixbuf Function in GTK+ Arbitrary File Read Vulnerability in Didiwiki's wiki.c SSL Server Spoofing Vulnerability Insecure Certificate Management in Pulp before 2.3.0 XSS Bypass Vulnerability in Node.js Validator Module Cross-Site Scripting (XSS) Bypass in Node.js Validator Module Bypassing Cross-Site Scripting (XSS) Filter in Node.js Validator Module Nested Forbidden Strings Bypass in Node.js Validator Module Double Free Vulnerability in DefaultICCintents Function in liblcms2 Out-of-bounds read vulnerability in GD Graphics Library Unspecified Privilege Escalation Vulnerability in Qualcomm Components in Android World-readable permissions in .rediscli_history 
file in linenoise Heap-based Buffer Overflow in ALGnew Function in Python Cryptography Toolkit (pycrypto) Allows Remote Code Execution Write Protection and Execution Bypass Vulnerability in McAfee Application Control (MAC) 6.1.0 for Linux Write Protection and Execution Bypass Vulnerability in McAfee Change Control (MCC) 6.1.0 for Linux Directory Traversal Vulnerability in McAfee SaaS Control Console Platform 6.14 and 6.15 Insecure CBC IV Generation in aescrypt gem 1.0.0 for Ruby CSRF-Magic Vulnerability: Predictable Anti-CSRF Token Generation Unauthenticated Remote Code Execution in Ice Cold Apps Servers Ultimate 6.0.2(12) Local File Inclusion and Remote Code Execution in Simple Machines Forum (SMF) 2.0.4 via install.php Cross-Site Scripting (XSS) Vulnerability in Simple Machines Forum (SMF) 2.0.4 via index.php?action=pm;sa=settings;save sa parameter PHP Code Injection Vulnerability in Simple Machines Forum (SMF) 2.0.4 Insecure Initialization Vector (IV) Usage in Seafile Encryption Denial of Service Vulnerability in cipso_v4_validate in Linux Kernel Command Injection Vulnerability in D-Link DIR-845, DIR-600, DIR-645, DIR-300 rev. 
B, and DIR-865 Devices XSS Vulnerability in Count per Day WordPress Plugin (<=3.2.6) CSRF Vulnerability in Windu CMS 2.2 Allows Unauthorized Admin Account Creation Cross-Site Scripting (XSS) Vulnerability in Windu CMS 2.2 XSS Vulnerability in contact-form-plugin Plugin for WordPress CSRF Vulnerability in Simple-Fields Plugin for WordPress Admin Interface XSS Vulnerability in Events-Manager Plugin Booking Form Cross-Site Scripting (XSS) Vulnerability in Events-Manager Plugin for WordPress (Version < 5.5) XSS Vulnerability in Events-Manager Plugin for WordPress XSS Vulnerability in Events-Manager Plugin for WordPress XSS Vulnerability in contact-form-plugin Plugin for WordPress XSS Vulnerability in Reflex-Gallery Plugin for WordPress File Inclusion Vulnerability in Slidedeck2 Plugin for WordPress Unsalted MD5 Password Storage Vulnerability in Zabbix before 5.0 Arbitrary Script Injection in Open-Xchange (OX) AppSuite Backend Arbitrary script injection vulnerability in Open-Xchange (OX) AppSuite 7.2.x and 7.4.x Remote Code Execution Vulnerability in Swann DVR Devices via raysharpdvr Application Infinite Loop Vulnerability in perl-Convert-ASN1 (Convert::ASN1 module for Perl) Arbitrary Code Execution Vulnerability in Beaker Library Memory Corruption Vulnerability in DBI Perl Module Stack Corruption Vulnerability in DBI Perl Module