SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.

In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.

"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.