Dell ML6000 and Quantum Scalar i500 tape backup systems contain a command injection vulnerability.
Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.
Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability.
Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets.
Fortinet Fortiweb prior to version 5.2.0 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352)
Caldera 9.20, and possibly earlier versions, contains multiple vulnerabilities.
Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.
Ignite Realtime's Smack XMPP API ServerTrustManger trusts unauthorized SSL certificates (CWE-358), and IQ requests do not verify the from attribute, allowing anyone to spoof IQ responses. (CWE-345)
Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apache Struts2 184.108.40.206 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters.
The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate.