The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/2HFkiWAw5Qc/detail.php
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/AwJKXv-ehRg/detail.php
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1)…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/eDYklTxGdos/detail.php
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/lxRjCPX6LfM/detail.php
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/pb2h1qXBJpk/detail.php
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/-TXRUNn4USE/detail.php
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/POhMeABltn4/detail.php
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/35i5FiQfRWs/detail.php
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/CMXMOEomkvg/detail.php
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/X0lxmIwtR-0/detail.php