Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via un...

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an in...

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat param...

Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the w...

The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging ...

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity refer...

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor con...

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an ...

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.

The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator...

EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which ...

EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an u...

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Passw...

Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vec...

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script...

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.

The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-...

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via ve...

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via ve...

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vec...

A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users t...

Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrar...