Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.
Ignite Realtime's Smack XMPP API ServerTrustManager trusts unauthorized SSL certificates (CWE-358), and IQ requests do not verify the from attribute, allowing anyone to spoof IQ responses (CWE-345).
Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Apache Struts2 220.127.116.11 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters.
The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate.
IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn.
Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)
Openfire 3.9.1, and possibly earlier versions, contains an uncontrolled resource consumption (CWE-400) vulnerability when using XMPP DEFLATE message compression.
Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities.
Artiva Agency Single Sign-On (SSO) feature checks only the local Windows login name, which could allow an attacker to impersonate another Artiva Agency user.
PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server.
PivotX 2.3.8, and possibly earlier versions, contains cross-site scripting (CWE-79) and unsafe file upload (CWE-434) vulnerabilities.