ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
Open Proxy in filedownload v1.4 wordpress plugin
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET A...
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaw...
Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of...