Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate

HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This wo

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from thir

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition.

Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parame

Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an

Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFi

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.

Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.

Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privilege