DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
In Flarum Core 0.1.0-beta.7.1, a serious leak can expose everyone's email address.
An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_receivePacket in ethernet_bsd.c.
An issue has been found in libIEC61850 v1.3. It is a NULL pointer dereference in Ethernet_sendPacket in ethernet_bsd.c.
PrestaShop 1.6.x before 184.108.40.206 and 1.7.x before 220.127.116.11 on Windows allows remote attackers to write to arbitrary image files.
PrestaShop 1.6.x before 18.104.22.168 and 1.7.x before 22.214.171.124 allows remote attackers to delete an image directory.
PrestaShop 1.6.x before 126.96.36.199 and 1.7.x before 188.8.131.52 allows remote attackers to execute arbitrary code via a file upload.
In Libav 12.3, there is a heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file.
In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue in ff_mpa_synth_filter_float in libavcodec/mpegaudiodsp_template.c can cause a segmentation fault (application crash) via a crafted mov file.
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file.
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability
Apache Tomcat CVE-2017-15706 Remote Security Weakness
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.
IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171.
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456.