CVE-2018-5216

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.

Source: CVE-2018-5216

CVE-2018-5215

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

Source: CVE-2018-5215

CVE-2018-5217

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

Source: CVE-2018-5217

CVE-2018-5214

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.

Source: CVE-2018-5214

CVE-2018-5212

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.

Source: CVE-2018-5212

CVE-2018-5213

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.

Source: CVE-2018-5213

CVE-2017-1727

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

Source: CVE-2017-1727

CVE-2014-7862

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.

Source: CVE-2014-7862

CVE-2017-1664

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

Source: CVE-2017-1664

CVE-2017-14960

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

Source: CVE-2017-14960