Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.

Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.

custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.

Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.

PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.

PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.

Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.