Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before...

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Manag...

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Manag...

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Manag...

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow re...

UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.

SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' ...

LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive informati...

Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission ...

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject ar...

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" per...

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary...

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or ...

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy...

The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vec...

Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value...

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitra...

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a craft...

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arb...

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.

McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.