S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

Source

Caret before 2019-02-22 allows Remote Code Execution.

Source

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

Source

The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.

Source

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

Source

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone “/netflow/jspui/editProfile.jsp” file in the userName parameter.

Source

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.

Source

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

Source

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone “/netflow/jspui/index.jsp” file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.

Source

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in “/webtop/help/en/default.htm” is vulnerable.

Source