CVE-2012-6696

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.

Source: CVE-2012-6696

CVE-2015-4667

Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0.

Source: CVE-2015-4667

CVE-2015-4668

Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

Source: CVE-2015-4668

CVE-2015-5282

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

Source: CVE-2015-5282

CVE-2015-6748

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

Source: CVE-2015-6748

CVE-2017-14730

The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.

Source: CVE-2017-14730

CVE-2015-7318

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.

Source: CVE-2015-7318

CVE-2015-4669

The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system.

Source: CVE-2015-4669

CVE-2015-5237

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

Source: CVE-2015-5237

CVE-2017-14125

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

Source: CVE-2017-14125