Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. Date published :...
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-09-29 http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter...
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery – Photo Albums – Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media...
classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request...
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for...
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a...
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Date published : 2015-09-28 http://www.securityfocus.com/bid/76099 http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA...
SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Date published : 2015-09-28 http://www.securityfocus.com/archive/1/536523/100/0/threaded http://software.open-xchange.com/products/guard/doc/Release_Notes_for_Patch_Release_2626_7.6.2_2015-08-03.pdf
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. Date published : 2015-09-28 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04785857 https://kc.mcafee.com/corporate/index?page=content&id=SB10138
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request....
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20...