SAP NetWeaver AS JAVA version 7.4 suffers from a cross site scripting vulnerability.
>> CATEGORY: exploit
Various PLANET IP cameras suffer from local file inclusion, arbitrary file read, information disclosure, cross site request forgery, cross site scripting, and hard-coded credential vulnerabilities.
An independent vulnerability laboratory researcher discovered an arbitrary file download vulnerability in the Teampass Password Manager v2.1.25 web-application.
eXtplorer version 2.1.9 suffers from a traversal vulnerability.
CakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.
runAV with mod_security suffers from a command injection vulnerability that leads to privilege escalation providing the clamscan binary is setuid.
NRSS News Reader version 0.3.9-1 suffers from a buffer overflow vulnerability which allows local attackers to obtain privileged access when exploited.
Various JVC products suffer from having weak and poorly protected credentials, cross site request forgery, cross site scripting, header injection, and information disclosure vulnerabilities.
PHPWebFTP version 3.3b suffers from cross site scripting vulnerabilities.
Ajaxel CMS version 8.0 suffers from cross site request forgery, cross site scripting, file disclosure, and remote SQL injection vulnerabilities.