VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.

ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Remote Desktop Client Remote Code Execution Vulnerability.

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab

The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image.

Rejected reason: Not used

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request.

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurity/advancedfiltering.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.

hnswlib Double Free vulnerability

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.

IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack