Common Vulnerabilities and Exposures

Stored cross-site scripting in Kofax Capture software allows persistent malicious script injection

Reflected cross-site scripting in SAS 9.4 allows attackers to execute scripts via crafted URLs

Admin+ stored XSS in Easy Forms for Mailchimp WordPress plugin allows administrators to inject persistent scripts

Remote code execution via insecure deserialization in IBM i Access Client Solutions allows attackers to execute arbitrary code

Decryption key disclosure in IBM i Access Client Solutions allows local attackers to obtain encryption keys via improper authority checks

Słabe szyfrowanie haseł w IBM i Access Client Solutions umożliwia atakującym odszyfrowanie przechowywanych haseł i umożliwia dostęp do podłączonych systemów

Cross-site scripting in Spipu HTML2PDF example files allows script execution via crafted input

Denial of service in F5 BIG-IQ iControl SOAP daemon - attackers with guest privileges can crash the service

Reflected cross-site scripting in F5 BIG-IP Configuration utility allows script execution via crafted requests

Path traversal in elFinder PHP LocalVolumeDriver connector allows reading/writing files outside webroot

Windows Kernel elevation of privilege allows local attackers to escalate from user to SYSTEM level access (CVSS 7.8)

Stored cross-site scripting in IBM Cognos Analytics via malicious SVG files in Custom Visualizations

Unauthenticated path traversal in Hummingbird WordPress plugin allows reading arbitrary files from the server

SQL injection in Sparx Systems Enterprise Architect allows attackers to execute arbitrary SQL queries

DLL hijacking in IBM i Access Client Solutions on Windows allows local code execution via malicious DLLs