Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurialrepository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.

It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.