Drupal-Wiki versions 8.30 and 8.31 suffer from multiple persistent cross site scripting vulnerabilities.
3d088d17dda324bc2da3df91c94310af275ec6c5f0b68e54defa0a2c4496f8d0
NetSetManPro version 4.7.2 suffers from a privilege escalation vulnerability.
e8a3f23fc7f163c05873cbfb945bc19268910c026e3331a239742efa41af0936
Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.
8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6d
OCS Inventory NG ocsreports versions 2.4 and 2.3.1 suffer from remote SQL injection vulnerabilities.
e7fc54d755c00801636a6217329e667a3c538290ff2ad25a1fe2d5f5a446d2f5
OCS Inventory NG ocsreports version 2.4 suffers from a cross site scripting vulnerability.
927f922342cae04cf72a1791db35f1d83533db1be55191b9a64f59848621cba9
A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected includes OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.
444597f83e9e0ad48a430a35373f0bc6a018226b622b3ff1e949820391597d37
e107 CMS version 1.0.2 suffers from a reflective cross site scripting vulnerability.
b0a7d7d19b1bf2785fccdbdb0f2175d28946b402c3fbfdcc3590de48c18ffc57