A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found.

A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial ...

SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses...

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of serv...

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demo...

The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "roo...

Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafte...

In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question...

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cook...

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too littl...

The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact vi...

The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application cra...

api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To e...

Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.