A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.

sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.

Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The compo

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access Control - Unauthenticated Remote Reboot. The impact is: PLC Wireless Router's are vulnerable to an unauthenticated remote reboot due. The component is: Reboot settings are availab

The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function.

Jara 1.6 has a SQL injection vulnerability.

Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.

File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.

Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote vic

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

The examapp plugin 1.0 for WordPress has XSS via exam input text fields.

The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.

1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

Monstra CMS 3.0.4 and earlier has XSS via index.php.

SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.